Time: 1 hour 30 minutes
Difficulty: Introductory
Price: 1 Credit
Quest: Automating Infrastructure on Google Cloud with Terraform
Last updated: May 19, 2023
You are a cloud engineer intern for a new startup. For your first project, your new boss has tasked you with creating infrastructure in a quick and efficient manner and generating a mechanism to keep track of it for future reference and changes. You have been directed to use Terraform to complete the project.
For this project, you will use Terraform to create, deploy, and keep track of infrastructure on the startup's preferred provider, Google Cloud. You will also need to import some mismanaged instances into your configuration and fix them.
In this lab, you will use Terraform to import and create multiple VM instances, a VPC network with two subnetworks, and a firewall rule for the VPC to allow connections between the two instances. You will also create a Cloud Storage bucket to host your remote backend.
-
Make the empty files and directories in Cloud Shell or the Cloud Shell Editor.
touch main.tf touch variables.tf mkdir modules cd modules mkdir instances cd instances touch instances.tf touch outputs.tf touch variables.tf cd .. mkdir storage cd storage touch storage.tf touch outputs.tf touch variables.tf cd
Folder structure should look like this:
main.tf variables.tf modules/ └── instances ├── instances.tf ├── outputs.tf └── variables.tf └── storage ├── storage.tf ├── outputs.tf └── variables.tf
-
Add the following to the each variables.tf file, and replace
PROJECT_ID
with your GCP Project ID, also change theREGION
and theZONE
based on the lab instructions.variable "region" { default = "<****us-central1****>" } variable "zone" { default = "<****us-central1-a****>" } variable "project_id" { default = "<****PROJECT_ID****>" }
-
Add the following to the
main.tf
file.terraform { required_providers { google = { source = "hashicorp/google" version = "4.53.0" } } } provider "google" { project = var.project_id region = var.region zone = var.zone } module "instances" { source = "./modules/instances" }
-
Run the following commands in Cloud Shell in the root directory to initialize terraform.
terraform init
-
In the Cloud Console, go to the Navigation menu and select Compute Engine.
-
Click the
tf-instance-1
, then copy the Instance ID down somewhere to use later. -
In the Cloud Console, go to the Navigation menu and select Compute Engine.
-
Do the same thing on previous step, click the
tf-instance-2
, then copy the Instance ID down somewhere to use later. -
Next, navigate to
modules/instances/instances.tf
. Copy the following configuration into the file.resource "google_compute_instance" "tf-instance-1" { name = "tf-instance-1" machine_type = "n1-standard-1" zone = var.zone boot_disk { initialize_params { image = "debian-cloud/debian-10" } } network_interface { network = "default" } metadata_startup_script = <<-EOT #!/bin/bash EOT allow_stopping_for_update = true } resource "google_compute_instance" "tf-instance-2" { name = "tf-instance-2" machine_type = "n1-standard-1" zone = var.zone boot_disk { initialize_params { image = "debian-cloud/debian-10" } } network_interface { network = "default" } metadata_startup_script = <<-EOT #!/bin/bash EOT allow_stopping_for_update = true }
-
Run the following commands in Cloud Shell to import the first instance. Replace
INSTANCE_ID_1
with Instance ID fortf-instance-1
you copied down earlier.terraform import module.instances.google_compute_instance.tf-instance-1 <****INSTANCE_ID_1****>
-
Run the following commands in Cloud Shell to import the first instance. Replace
INSTANCE_ID_2
with Instance ID fortf-instance-2
you copied down earlier.terraform import module.instances.google_compute_instance.tf-instance-2 <****INSTANCE_ID_2****>
-
Run the following commands to apply your changes.
terraform plan terraform apply
-
Add the following code to the
modules/storage/storage.tf
file. ReplaceBUCKET_NAME
with bucket name given in lab instructions.resource "google_storage_bucket" "storage-bucket" { name = "<****BUCKET_NAME****>" location = "US" force_destroy = true uniform_bucket_level_access = true }
-
Next, add the following to the
main.tf
file.module "storage" { source = "./modules/storage" }
-
Run the following commands to initialize the module and create the storage bucket resource. Type
yes
at the dialogue after you run the apply command to accept the state changes.terraform init terraform apply
-
Next, update the
main.tf
file so that the terraform block looks like the following. Fill in your GCP Project ID for the bucket argument definition. ReplaceBUCKET_NAME
with Bucket Name given in lab instructions.terraform { backend "gcs" { bucket = "<****BUCKET_NAME****>" prefix = "terraform/state" } required_providers { google = { source = "hashicorp/google" version = "4.53.0" } } }
-
Run the following commands to initialize the remote backend. Type
yes
at the prompt.terraform init
-
Navigate to
modules/instances/instance.tf
. Replace the entire contents of the file with the following, then replaceINSTANCE_NAME
with instance name given in lab instructions.resource "google_compute_instance" "tf-instance-1" { name = "tf-instance-1" machine_type = "n1-standard-2" zone = var.zone boot_disk { initialize_params { image = "debian-cloud/debian-10" } } network_interface { network = "default" } metadata_startup_script = <<-EOT #!/bin/bash EOT allow_stopping_for_update = true } resource "google_compute_instance" "tf-instance-2" { name = "tf-instance-2" machine_type = "n1-standard-2" zone = var.zone boot_disk { initialize_params { image = "debian-cloud/debian-10" } } network_interface { network = "default" } metadata_startup_script = <<-EOT #!/bin/bash EOT allow_stopping_for_update = true } resource "google_compute_instance" "<****INSTANCE_NAME****>" { name = "<****INSTANCE_NAME****>" machine_type = "n1-standard-2" zone = var.zone boot_disk { initialize_params { image = "debian-cloud/debian-10" } } network_interface { network = "default" } metadata_startup_script = <<-EOT #!/bin/bash EOT allow_stopping_for_update = true }
-
Run the following commands to initialize the module and create/update the instance resources. Type
yes
at the dialogue after you run the apply command to accept the state changes.terraform init terraform apply
-
Taint the
INSTANCE_NAME
resource by running the following command.terraform taint module.instances.google_compute_instance.<****INSTANCE_NAME****>
-
Run the following commands to apply the changes.
terraform init terraform apply
-
Remove the
INSTANCE_NAME
(instance 3) resource from theinstances.tf
file. Delete the following code chunk from the file.resource "google_compute_instance" "<****INSTANCE_NAME****>" { name = "<****INSTANCE_NAME****>" machine_type = "n1-standard-2" zone = var.zone boot_disk { initialize_params { image = "debian-cloud/debian-10" } } network_interface { network = "default" } metadata_startup_script = <<-EOT #!/bin/bash EOT allow_stopping_for_update = true }
-
Run the following commands to apply the changes. Type yes at the prompt.
terraform apply
-
Copy and paste the following into the
main.tf
file. ReplaceVPC_NAME
with VPC Name given in lab instructions.module "vpc" { source = "terraform-google-modules/network/google" version = "~> 6.0.0" project_id = var.project_id network_name = "<****VPC_NAME****>" routing_mode = "GLOBAL" subnets = [ { subnet_name = "subnet-01" subnet_ip = "10.10.10.0/24" subnet_region = var.region }, { subnet_name = "subnet-02" subnet_ip = "10.10.20.0/24" subnet_region = var.region subnet_private_access = "true" subnet_flow_logs = "true" description = "This subnet has a description" } ] }
-
Run the following commands to initialize the module and create the VPC. Type
yes
at the prompt.terraform init terraform apply
-
Navigate to
modules/instances/instances.tf
. Replace the entire contents of the file with the following. ReplaceVPC_NAME
with VPC Name given in lab instructions.resource "google_compute_instance" "tf-instance-1" { name = "tf-instance-1" machine_type = "n1-standard-2" zone = var.zone boot_disk { initialize_params { image = "debian-cloud/debian-10" } } network_interface { network = "<****VPC_NAME****>" subnetwork = "subnet-01" } metadata_startup_script = <<-EOT #!/bin/bash EOT allow_stopping_for_update = true } resource "google_compute_instance" "tf-instance-2" { name = "tf-instance-2" machine_type = "n1-standard-2" zone = var.zone boot_disk { initialize_params { image = "debian-cloud/debian-10" } } network_interface { network = "<****VPC_NAME****>" subnetwork = "subnet-02" } metadata_startup_script = <<-EOT #!/bin/bash EOT allow_stopping_for_update = true } module "vpc" { source = "terraform-google-modules/network/google" version = "~> 6.0.0" project_id = "*****PROJECT_ID****" network_name = "****VPC_NAME*****" routing_mode = "GLOBAL" subnets = [ { subnet_name = "subnet-01" subnet_ip = "10.10.10.0/24" subnet_region = "us-central1" }, { subnet_name = "subnet-02" subnet_ip = "10.10.20.0/24" subnet_region = "us-central1" subnet_private_access = "true" subnet_flow_logs = "true" description = "This subnet has a description" }, ] }
-
Run the following commands to initialize the module and update the instances. Type
yes
at the prompt.terraform init terraform apply
-
Add the following resource to the
main.tf
file and replacePROJECT_ID
andVPC_NAME
with your GCP Project ID and VPC Name given in lab instructions.resource "google_compute_firewall" "tf-firewall" { name = "tf-firewall" network = "projects/<****PROJECT_ID****>/global/networks/<****VPC_NAME****>" allow { protocol = "tcp" ports = ["80"] } source_tags = ["web"] source_ranges = ["0.0.0.0/0"] }
-
Run the following commands to configure the firewall. Type
yes
at the prompt.terraform init terraform apply