GCP

This template creates infrastructure on Google Cloud Platform (GCP): a custom VPC, two subnets, and firewall rules.

Architecture Overview

The template creates:

  • Custom VPC: A new VPC network with custom subnets
  • Two Subnets:
    • dev-subnet-1: Created in the custom VPC
    • dev-subnet-2: Created in the default VPC
  • Firewall Rules:
    • Internal traffic rules for the custom VPC
    • SSH access rule for instances carrying the ssh-allowed network tag

Prerequisites

  1. Google Cloud SDK: Install and configure the Google Cloud SDK
  2. Terraform: Install Terraform version >= 1.12.0
  3. GCP Project: Have a GCP project with billing enabled
  4. Authentication: Set up authentication using one of these methods:
    • Service Account Key
    • Application Default Credentials (ADC)
    • gcloud auth application-default login

Quick Start

1. Clone and Configure

# Navigate to your project directory
cd your-terraform-project

# Update the terraform.tfvars file with your project ID

2. Configure Variables

Edit terraform.tfvars to match your requirements:

project_id = "your-actual-gcp-project-id"

3. Initialize and Deploy

# Initialize Terraform
terraform init

# Review the planned changes
terraform plan

# Apply the configuration
terraform apply

When prompted, type yes to confirm the deployment.

Configuration Options

Variables

| Variable | Type | Default | Description |
|---|---|---|---|
| project_id | string | Required | Your GCP project ID |
| region | string | europe-west3 | GCP region for resources |
| zone | string | europe-west3-a | GCP zone for resources |
| vpc_cidr_block | string | 10.0.0.0/16 | CIDR block for the custom VPC |
| environment | string | dev | Environment name (used in resource naming) |
| subnet_configs | list(object) | See below | Subnet configurations |

Default Subnet Configuration

subnet_configs = [
  {
    cidr_block = "10.0.1.0/24"
    name       = "dev-subnet-1"
    region     = "europe-west3"
  },
  {
    cidr_block = "10.0.2.0/24"
    name       = "dev-subnet-2"
    region     = "europe-west3"
  }
]

Customizing Configuration

Create a custom terraform.tfvars file or override variables:

project_id = "my-project-123"
region = "us-central1"
zone = "us-central1-a"
environment = "production"

subnet_configs = [
  {
    cidr_block = "10.1.1.0/24"
    name       = "prod-subnet-1"
    region     = "us-central1"
  },
  {
    cidr_block = "10.1.2.0/24"
    name       = "prod-subnet-2"
    region     = "us-central1"
  }
]

Outputs

After deployment, the following outputs will be available:

  • dev_vpc_id: ID of the created custom VPC
  • dev_vpc_name: Name of the created custom VPC
  • dev_subnet_1_id: ID of the first subnet (in custom VPC)
  • dev_subnet_1_name: Name of the first subnet
  • dev_subnet_2_id: ID of the second subnet (in default VPC)
  • default_vpc_id: ID of the default VPC

View outputs with:

terraform output

Security Considerations

Firewall Rules

The template creates these firewall rules:

  1. Internal Traffic: Allows all internal communication within the custom VPC (10.0.0.0/16)
  2. SSH Access: Allows SSH (port 22) from anywhere (0.0.0.0/0) to instances tagged with ssh-allowed

⚠️ Security Warning: The SSH rule allows access from any IP address. For production environments, consider:

  • Restricting source ranges to specific IP addresses or ranges
  • Using IAP (Identity-Aware Proxy) for secure access
  • Implementing additional network security measures

Recommended Production Changes

For production deployments, consider modifying:

# Restrict SSH access to specific IP ranges
source_ranges = ["YOUR_OFFICE_IP/32", "YOUR_VPN_RANGE/24"]

# Or use IAP
source_ranges = ["35.235.240.0/20"]  # IAP IP range
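The source-range recommendation above is only useful if someone notices when a plan still carries the open rule. As an added example (not part of the nadmax/gcp template), the following pre-apply check reads the JSON from `terraform show -json tfplan` and fails when any google_compute_firewall resource admits TCP/22 from 0.0.0.0/0; the resource addresses and the sample plan are constructed, and the IAP range is the one quoted above.

```python
import json
import sys

IAP_RANGE = "35.235.240.0/20"  # IAP TCP-forwarding range quoted in the README

def _port_in_spec(port, spec):
    """True if `port` lies inside a Terraform port spec such as "22" or "20-25"."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def rule_exposes_ssh(values):
    """True if one google_compute_firewall's planned values admit 22/tcp from 0.0.0.0/0."""
    if values.get("direction", "INGRESS") != "INGRESS":
        return False
    if "0.0.0.0/0" not in (values.get("source_ranges") or []):
        return False
    for allow in values.get("allow") or []:
        if allow.get("protocol", "").lower() not in ("tcp", "all"):
            continue
        ports = allow.get("ports") or []
        # No port list (or protocol "all") means every port, which includes 22.
        if not ports or any(_port_in_spec(22, p) for p in ports):
            return True
    return False

def _walk(module):
    """Yield every resource in the plan's module tree (root plus child modules)."""
    yield from module.get("resources") or []
    for child in module.get("child_modules") or []:
        yield from _walk(child)

def find_open_ssh_rules(plan):
    """Addresses of firewall rules in `terraform show -json tfplan` output that expose SSH."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [r["address"] for r in _walk(root)
            if r.get("type") == "google_compute_firewall"
            and rule_exposes_ssh(r.get("values") or {})]

# Constructed sample plan (not real output): the template's open SSH rule beside an IAP-only one.
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    {"address": "google_compute_firewall.allow_ssh", "type": "google_compute_firewall",
     "values": {"direction": "INGRESS", "allow": [{"protocol": "tcp", "ports": ["22"]}],
                "source_ranges": ["0.0.0.0/0"], "target_tags": ["ssh-allowed"]}},
    {"address": "google_compute_firewall.allow_ssh_iap", "type": "google_compute_firewall",
     "values": {"direction": "INGRESS", "allow": [{"protocol": "tcp", "ports": ["22"]}],
                "source_ranges": [IAP_RANGE], "target_tags": ["ssh-allowed"]}}]}}}

if __name__ == "__main__":  # usage: terraform show -json tfplan | python check_ssh.py
    open_rules = find_open_ssh_rules(SAMPLE_PLAN if sys.stdin.isatty() else json.load(sys.stdin))
    print("OK: no SSH rule open to 0.0.0.0/0" if not open_rules else "OPEN SSH: " + ", ".join(open_rules))
```

Run it against a saved plan (`terraform plan -out=tfplan`) in CI so the default rule cannot reach `terraform apply` unnoticed.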

File Structure

.
├── provider.tf          # Terraform and provider configuration
├── variables.tf         # Variable definitions
├── terraform.tfvars     # Variable values (customize this)
├── resources.tf         # Main infrastructure resources
├── outputs.tf           # Output definitions
└── README.md            # This file

Common Operations

View Current State

terraform show

Update Infrastructure

# After making changes to .tf files
terraform plan
terraform apply

Destroy Infrastructure

terraform destroy

Format Code

terraform fmt

Validate Configuration

terraform validate

Troubleshooting

Common Issues

  1. Authentication Errors

    # Set up application default credentials
    gcloud auth application-default login
  2. Project Not Found

    • Verify your project ID in terraform.tfvars
    • Ensure you have the necessary permissions
  3. API Not Enabled

    # Enable required APIs
    gcloud services enable compute.googleapis.com
  4. Quota Exceeded

    • Check your project quotas in the GCP Console
    • Request quota increases if needed

Getting Help

Next Steps

After deploying this template, you might want to:

  1. Add Compute Instances: Create VM instances in the subnets
  2. Set up Load Balancers: Add load balancing for your applications
  3. Configure DNS: Set up Cloud DNS for name resolution
  4. Add Monitoring: Implement logging and monitoring solutions
  5. Enhance Security: Add more specific firewall rules and security policies

Contributing

When modifying this template:

  1. Run terraform fmt to format code
  2. Run terraform validate to check syntax
  3. Test changes in a development environment first
  4. Update this README if adding new features or variables

About

Infrastructure-as-Code Template for Google Cloud Platform