
Initialization

Whenever you create a new Terraform project, you will need to initialize it first.

You will need to set up your provider (in this case GCP).

The exercises use a local Terraform state, but for continued use you might want to store the state remotely.

Work directory & files

Create the following files:

  1. main.tf
    • This file will have all basic configuration for your project.
  2. variables.tf
    • This file will hold all variables of our module.
  3. cloud_run.tf
    • This file will have the Cloud Run configuration.
  4. compute_engine.tf
    • This will have all Compute Engine related configuration.
  5. firewall.tf
    • This file will have the definitions for SSH and HTTP access to your Compute Engine instance.
  6. iam.tf
    • This file will have the IAM definitions for access to the Cloud Run application.
  7. loadbalancer.tf
    • This file will have all the necessary definitions for HTTP load balancing.
  8. output.tf
    • This file will have all the data that Terraform will output when it has finished running.

Note that we are using the terms "project" and "module" quite interchangeably here. That's because all directories with .tf files in them become modules.

Since our directory will have a Terraform state, it can be described as a "root module".

Also, the names of the files do not matter, since Terraform will internally build a graph out of all the resources and their dependencies on each other. It is quite common, however, to see files such as main.tf, variables.tf and outputs.tf.

Terraform configuration

In the terraform block, we are defining the minimum supported Terraform version and also which providers we are going to be using.

It is useful to pin the version of the providers as well, but we're not doing that this time.

terraform {
  required_version = ">= 1.0.0"

  required_providers {
    google = {
      source  = "hashicorp/google"
    }
  }
}
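
The provider pinning mentioned above, combined with the remote state mentioned under Initialization, as an added example that is not part of the original exercise. The version constraint matches the provider version shown in the terraform init output on this page; the bucket name and prefix are placeholders for a bucket you would create yourself.

```hcl
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    google = {
      source = "hashicorp/google"

      # Pessimistic constraint: only 3.72.x patch releases are accepted,
      # so a new major or minor provider release is never pulled in silently.
      # The exact version and its checksums are recorded in
      # .terraform.lock.hcl, which should be committed to version control.
      version = "~> 3.72.0"
    }
  }

  # Remote state in a Google Cloud Storage bucket instead of a local file.
  # State files can hold sensitive values in plain text, so restrict access
  # to this bucket to the identities that actually run Terraform.
  backend "gcs" {
    bucket = "example-tf-state-bucket" # placeholder: assumed bucket name
    prefix = "terraform/state"         # placeholder: assumed object prefix
  }
}
```

After changing the backend or a version constraint, run terraform init again so the working directory picks up the new settings.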

Provider configuration

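Provider configuration can vary a lot between different providers, but usually they have some parameters to determine how APIs are going to be accessed.

In this case we are using Service Account impersonation with the previously set up GOOGLE_APPLICATION_CREDENTIALS JSON key. The aliased provider authenticates with that key and requests a short-lived access token (600 seconds) for the target service account; the default provider then uses that token for all API calls.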

provider "google" {
  alias = "impersonate"
}

data "google_service_account_access_token" "sa" {
  provider               = google.impersonate
  target_service_account = "project-service-account@${var.project}.iam.gserviceaccount.com"
  lifetime               = "600s"

  scopes = [
    "https://www.googleapis.com/auth/cloud-platform",
  ]
}

provider "google" {
  access_token = data.google_service_account_access_token.sa.access_token
}

Initializing Terraform

We need to initialize Terraform to download all the modules and packages it requires. You need to re-initialize every time you touch one of the modules, change versions, and so on.

terraform init

Initializing the backend...

Initializing provider plugins...
- Finding hashicorp/google versions matching "~> 3.72.0"...
- Installing hashicorp/google v3.72.0...
- Installed hashicorp/google v3.72.0 (signed by HashiCorp)

Terraform has made some changes to the provider dependency selections recorded
in the .terraform.lock.hcl file. Review those changes and commit them to your
version control system if they represent changes you intended to make.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Help

terraform/main.tf

terraform {
  required_version = ">= 1.0.0"

  required_providers {
    google = {
      source  = "hashicorp/google"
    }
  }
}

provider "google" {
  alias = "impersonate"
}

data "google_service_account_access_token" "sa" {
  provider               = google.impersonate
  target_service_account = "project-service-account@${var.project}.iam.gserviceaccount.com"
  lifetime               = "600s"

  scopes = [
    "https://www.googleapis.com/auth/cloud-platform",
  ]
}

provider "google" {
  access_token = data.google_service_account_access_token.sa.access_token
}

Next

Next we will learn about variables.