The purpose of this repo is to demonstrate how to deploy infrastructure on GCP via Terraform. At a high level we deploy:
- Shared VPC network (Host Project resides in Management Folder & Service Projects in application folder)
- 4 subnets (5 total, to show how easy it is to add subnets) in a single region for simplicity
- Firewall rules to allow internal network connectivity, plus SSH and web access from the external internet on certain resources
- Bastion host that resides in subnet 01
- Managed instance group (MIG) running an Apache web server in subnet 03; the MIG cannot be accessed via the public internet
- HTTP load balancer that exposes the Apache web server on port 80 and forwards incoming traffic to the backend server
TODO(antoniordz96) add architecture diagram
This repo is meant for use with Terraform 0.13.7. You can manage different versions of Terraform on your local
workstation using tfenv.
| Name | Source | Version |
|------|--------|---------|
| host_project | terraform-google-modules/project-factory/google | ~> 11.1.0 |
| http-lb | GoogleCloudPlatform/lb-http/google | 6.0.1 |
| mig | terraform-google-modules/vm/google//modules/mig | 6.2.0 |
| mig_template | terraform-google-modules/vm/google//modules/instance_template | 6.2.0 |
| networking | ./modules/network | n/a |
| service-project | terraform-google-modules/project-factory/google//modules/svpc_service_project | ~> 11.1.0 |

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| billing_account_id | Billing Account to associate resources to. | string | n/a | yes |
| organization_id | GCP organization ID. | string | n/a | yes |
| region | GCP Region to deploy resources. | string | "us-central1" | no |

```bash
# Downloading Repo
git clone https://github.com/antoniordz96/shared-vpc-demo.git
cd shared-vpc-demo

# Configuring Terraform
tfenv install 0.13.7
tfenv use 0.13.7
terraform version

# Configuring gcloud
gcloud auth login

# Using terraform seed project and SA
gcloud config set project $TERRAFORM_SEED_PROJECT
gcloud iam service-accounts keys create key.json --iam-account={terraform-seed-sa}@project-id.iam.gserviceaccount.com
export GOOGLE_APPLICATION_CREDENTIALS=${SERVICE_ACCOUNT_KEY_PATH}

# remember to set input variables. Use terraform.tfvars
touch terraform.tfvars
terraform init
terraform plan
terraform apply
```

Note: You do not necessarily need to download a key for the seed SA. You can instead use service account
impersonation and run Terraform to deploy the resources. For more info see the public docs.
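
One way to set up the impersonation mentioned in the note, as an added example that is not part of this repo's code. The variable name `terraform_service_account` is hypothetical, and the `google-beta` provider block is included on the assumption that the modules used here require it.

```hcl
# Assumption: hypothetical variable holding the seed service account's email.
variable "terraform_service_account" {
  type        = string
  description = "Email of the Terraform seed service account to impersonate."
}

# Bootstrap provider: authenticates as the operator through Application
# Default Credentials (gcloud auth application-default login). It is used
# only to mint a short-lived token; no key.json is written to disk.
provider "google" {
  alias = "impersonation"
  scopes = [
    "https://www.googleapis.com/auth/cloud-platform",
    "https://www.googleapis.com/auth/userinfo.email",
  ]
}

# Short-lived OAuth token for the seed service account. Pick a lifetime that
# covers the longest expected apply; the token cannot be used after it expires.
data "google_service_account_access_token" "seed" {
  provider               = google.impersonation
  target_service_account = var.terraform_service_account
  scopes                 = ["userinfo-email", "cloud-platform"]
  lifetime               = "1800s"
}

# Default providers: every resource and module runs as the seed service
# account, using the token minted above.
provider "google" {
  access_token = data.google_service_account_access_token.seed.access_token
}

provider "google-beta" {
  access_token = data.google_service_account_access_token.seed.access_token
}
```

With this in place, the `keys create` and `GOOGLE_APPLICATION_CREDENTIALS` steps are not needed. The operator's own identity must hold `roles/iam.serviceAccountTokenCreator` on the seed service account.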