Before you begin, you must do the following:
- Have a business account enabled on GCP (more about this below)
- Create a Billing Account and export its ID:

  ```shell
  export TF_VAR_BILLING_ACCOUNT={YOUR_BILLING_ACCOUNT_ID}
  ```
- Authenticate in `gcloud` with an account that has the Organization Administrator role:

  ```shell
  gcloud auth login
  ```
- Grant the Folder Admin role to your account at the organization level, so you can create folders:

  ```shell
  gcloud organizations add-iam-policy-binding {YOUR_ORGANIZATION_ID} \
    --member=user:{YOUR_EMAIL} --role=roles/resourcemanager.folderAdmin
  ```
- Create a folder under your organization, and export its ID as an environment variable:

  ```shell
  gcloud resource-manager folders create \
    --display-name={DISPLAY_NAME} \
    --organization={YOUR_ORGANIZATION_ID}
  export TF_VAR_FOLDER_ID={YOUR_FOLDER_ID}
  ```
- Grant the Owner role to your account at the folder level, so you can use it to manage projects and other resources:

  ```shell
  gcloud resource-manager folders add-iam-policy-binding "$TF_VAR_FOLDER_ID" \
    --member=user:{YOUR_EMAIL} --role=roles/owner
  ```

  Note: `roles/owner` is a legacy role with too much power. It is used here only as a shortcut.
- (Recommended) Export a random suffix to reduce the risk of your project ID clashing with existing projects:

  ```shell
  export TF_VAR_SUFFIX="-$RANDOM$RANDOM"
  ```
- Initialize Terraform:

  ```shell
  terraform init
  ```

Terraform's `google_project` resource requires either a `folder_id` or an `org_id`. If you already have a project, you can remove those resources from the script and use your `project_id` instead.
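
The variables exported above can be sanity-checked before anything is created, which catches placeholders left in braces and suffixes that produce an invalid project ID. This is an added example, not part of the original project: the `preflight` and `matches` helpers are hypothetical, the project ID is assumed to be `terraform-project` plus the suffix (as in the `gcloud compute ssh` command on this page), and the billing account and folder ID formats are assumptions.

```shell
#!/bin/sh
# Added example: preflight validation of the TF_VAR_* variables exported above.
# Usage: preflight && terraform apply

# matches VALUE REGEX -> succeeds if VALUE fully matches the extended regex
matches() {
    printf '%s\n' "$1" | grep -Eq "^($2)\$"
}

# preflight: reports each problem on stderr, returns the number of problems
preflight() {
    problems=0
    fail() { echo "preflight: $1" >&2; problems=$((problems + 1)); }

    # Assumed format: three groups of six alphanumerics, e.g. 01A2B3-C4D5E6-F7A8B9
    matches "${TF_VAR_BILLING_ACCOUNT:-}" '[0-9A-Za-z]{6}(-[0-9A-Za-z]{6}){2}' ||
        fail "TF_VAR_BILLING_ACCOUNT is unset or not of the form XXXXXX-XXXXXX-XXXXXX"

    # Assumed format: a number, optionally written as folders/<number>
    matches "${TF_VAR_FOLDER_ID:-}" '(folders/)?[0-9]+' ||
        fail "TF_VAR_FOLDER_ID is unset or not numeric"

    # GCP project IDs: 6-30 characters, lowercase letters, digits and hyphens,
    # starting with a letter and not ending with a hyphen.
    project_id="terraform-project${TF_VAR_SUFFIX:-}"
    matches "$project_id" '[a-z][a-z0-9-]{4,28}[a-z0-9]' ||
        fail "project ID '$project_id' is not a valid GCP project ID"

    return "$problems"
}
```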

To spin up the infrastructure, run:

```shell
terraform apply
```

Once the script finishes, you can `ssh` into the VM you just created with the command:

```shell
gcloud compute ssh --zone "us-central1-c" "terraform-instance" --project "terraform-project${TF_VAR_SUFFIX}"
```

To tear down the infrastructure, run:

```shell
terraform destroy
```