🗞️Build Infrastructure on Google Cloud with Terraform — Google Challenge Lab Walkthrough

🏷️ challenge-lab 🏷️ google-cloud-platform 🏷️ terraform 🏷️ infrastructure 🏷️ terraform-import

🗿Semantically Similar Articles (by :title_embedding)

🗄️ 40.2 🔗 Apr01 Design your Landing Zone — Design Considerations Part 4— IaC, GitOps and CI/CD (Google Cloud… (🧑🏻‍💻 Dazbo (Darren Lester))
🗄️ 40.8 🔗 Mar31 Demystifying Google Cloud Networking for Cloud SQL Setup with IAC — Part II (🧑🏻‍💻 paras mamgain)
🗄️ 41.9 🔗 Mar26 The overwhelmed person’s guide to Google Cloud: week of March 21 (🧑🏻‍💻 Richard Seroter)
🗄️ 42.4 🔗 Apr15 Landing Zone Technical Onboarding— the “How-To” (Google Cloud Adoption Series) (🧑🏻‍💻 Dazbo (Darren Lester))
🗄️ 43.8 🔗 Mar28 Secure Together — Federated Learning for Decentralized Security on GCP (🧑🏻‍💻 Imran Roshan)

Build Infrastructure on Google Cloud with Terraform — Google Challenge Lab Walkthrough

2024-04-05 - Dazbo (Darren Lester) (from Google Cloud - Medium)

Build Infrastructure on Google Cloud with Terraform — Google Challenge Lab WalkthroughThis is a walkthrough of the challenge lab from the course Build Infrastructure with Terraform on Google Cloud.This lab tests your ability to:Import existing infrastructure into your Terraform configuration.Build and reference your own Terraform modules.Add a remote backend to your configuration.Use and implement a module from the Terraform Registry.Re-provision, destroy, and update infrastructure.Test connectivity between the resources you’ve created.Intro to Challenge LabsGoogle provides an online learning platform called Google Cloud Skills Boost, formerly known as QwikLabs. On this platform, you can follow training courses aligned to learning paths, to particular products, or for particular solutions.One type of learning experience on this platform is called a quest. This is where you complete a number of guided hands-on labs, and then finally complete a Challenge Lab. The challenge lab differs from the other labs in that goals are specified, but very little guidance on how to achieve the goals is given.I occasionally create walkthroughs of these challenge labs. The goal is not to help you cheat your way through the challenge labs! But rather:To show you what I believe to be an ideal route through the lab.To help you with particular gotchas or blockers that are preventing you from completing the lab on your own.If you’re looking for help with challenge lab, then you’ve come to the right place. But I strongly urge you to work your way through the quest first, and to try the lab on your own, before reading further!With all these labs, there are always many ways to go about solving the problem. I generally like to solve them using the Cloud Shell, since I can then document a more repeatable and programmatic approach. But of course, you can use the Cloud Console too.Overview of this LabIn this lab we’re expected to use Terraform to create, deploy and manage infrastructure on Google Cloud. We also need to import some mismanaged instances into our configuration and fix them.My SolutionLet’s start by defining some variables we can use throughout this challenge. The actual variables will be provided to you when you start the lab.gcloud auth listregion=<ENTER REGION>zone=<ENTER ZONE>prj=<ENTER PRJ ID>Task 1 — Create the Configuration FilesWe’re told to create this folder structure:main.tfvariables.tfmodules/└── instances| ├── instances.tf| ├── outputs.tf| └── variables.tf└── storage ├── storage.tf ├── outputs.tf └── variables.tfWe can do it like this:# Create main.tf and variables.tf in the root directorytouch main.tf variables.tf# Create main directory and its filesmkdir -p modules/instancesmkdir modules/storage# Create the required files in the 'instances' module directorytouch modules/instances/instances.tftouch modules/instances/outputs.tftouch modules/instances/variables.tf# Create the required files in the 'storage' module directorytouch modules/storage/storage.tftouch modules/storage/outputs.tftouch modules/storage/variables.tfNow we update the variables.tf files to contain these variables:variable "region" { description = "The Google Cloud region" type = string default = "Lab-supplied region"}variable "zone" { description = "The Google Cloud zone" type = string default = "Lab-supplied zone"}variable "project_id" { description = "The ID of the project in which to provision resources." type = string default = "Your project ID"}Update the root module main.tf to include the Google Cloud Provider, which you can always look up in the Terraform Registry. We’re asked to include all three of our variables in our provider block.terraform { required_providers { google = { source = "hashicorp/google" } }}provider "google" { project = var.project_id region = var.region zone = var.zone}Now we need to initialise Terraform. So run this command:terraform initTask 2 — Import InfrastructureHere, the goal is to bring infrastructure under Terraform control, that has thus far been provisioned outside of Terraform.We’re going to use the Terraform import workflow:Terraform import workflowThese are the import steps:Identify the existing infrastructure to be imported.Import the infrastructure into your Terraform state.Write a Terraform configuration that matches that infrastructure.Review the Terraform plan to ensure that the configuration matches the expected state and infrastructure.Apply the configuration to update your Terraform state.Identify the existing infrastructure to be importedTwo GCE instances have already been created. Examine one of the existing instances, tf-instance-1 in the Cloud Console. We want to retrieve:NetworkMachine typeDiskNext we need to include two calls to our instances module in our main.tf. They will contain empty definitions, so that we can import.module "tf_instance_1" { source = "./modules/instances" instance_name = "tf-instance-1" zone = var.zone region = var.region}module "tf_instance_2" { source = "./modules/instances" instance_name = "tf-instance-2" zone = var.zone region = var.region}Remember that each module definition must have a unique label.Now initialise:terraform initNow we write the module configurations in instances.tf. We’re told the arguments that need to be included in our minimal configuration:resource "google_compute_instance" "instance" { name = var.instance_name machine_type = "hard code from existing instance" zone = var.zone boot_disk { initialize_params { # image = "debian-cloud/debian-11" image = "hard code from existing instance" } } network_interface { # network = "default" network = "hard code from existing instance" access_config { // Ephemeral public IP } } metadata_startup_script = <<-EOT #!/bin/bash EOT allow_stopping_for_update = true}Update variables.tf in the instance module, so we can pass in the instance_name:variable "instance_name" { description = "The name of the instance." type = string}Import the Existing Infrastructure into Terraform Stateterraform import module.tf_instance_1.google_compute_instance.instance \ projects/$prj/zones/$zone/instances/tf-instance-1terraform import module.tf_instance_2.google_compute_instance.instance \ projects/$prj/zones/$zone/instances/tf-instance-2# verify the importterraform showThe import should look like this:terraform importPlan and ApplyNow we update the instances in-place by running the apply:terraform planterraform applyTask 3 — Configure a Remote BackendThis is pretty easy. These are standard steps that you would run whenever we want to store Terraform state in a remote GCS backend:Provision a GCS bucket with Terraform.Add a backend block that points to the new GCS bucket.Reinitialise Terraform and migrate the state from the local state file to the remote backend.Provision the GCS BucketAdd this resource definition to main.tf:resource "google_storage_bucket" "test-bucket-for-state" { name = "Bucket Name You Are Given" location = "US" uniform_bucket_level_access = true force_destroy = true}And apply:terraform applyAdd the GCS BackendModify main.tf and include the backend in the terraform block:terraform { backend "gcs" { bucket = var.project_id prefix = "terraform/state" }}Migrate the StateThis is where we migrate the Terraform state from the local state file into the GCS backend:terraform init -migrate-stateIt will ask you to confirm you want to migrate the state:Migrating Terraform stateTask 4 — Modify and Update the InfrastructureWe need to update variables.tf to include a machine_type:variable "machine_type" { description = "The machine type of an instance" type = string default = "e2-standard-2"}Then we need to modify instance.tf so that it can accept a machine_type parameter:resource "google_compute_instance" "instance" { name = var.instance_name machine_type = var.machine_type zone = var.zone ...Lastly, we need to modify main.tf such that we add the specified third instance to our main.tf, by calling the module for a third time. We don’t need to pass in the machine_type, as we’ve already set it to have a default.Now initialise (because we’ve added another module instance) and apply.terraform initterraform applyTask 5 — Destroy ResourcesNow we remove the instance we previously added. Remove the call to this module from main.tf, then reapply:terraform initterraform applyTask 6 — Use a Module from the RegistryWe’re going to use the Google Network Module.module "network" { source = "terraform-google-modules/network/google" version = "6.0.0" project_id = var.project_id network_name = "Use Supplied VPC Name" routing_mode = "GLOBAL" subnets = [ { subnet_name = "subnet-01" subnet_ip = "10.10.10.0/24" subnet_region = var.region }, { subnet_name = "subnet-02" subnet_ip = "10.10.20.0/24" subnet_region = var.region } ]}Initialise and apply:terraform initterraform applyUpdate instances module to take a network parameter and a subnet parameter.In variables.tf:variable "network" { description = "The network" type = string}variable "subnet" { description = "The subnet" type = string}In instance.tf:network_interface { network = var.network subnetwork = var.subnet access_config { // Ephemeral public IP }}Then update main.tf to create the instances like this:module "tf_instance_1" { source = "./modules/instances" instance_name = "tf-instance-1" zone = var.zone region = var.region network = module.network.network_name subnet = "subnet-01"}module "tf_instance_2" { source = "./modules/instances" instance_name = "tf-instance-2" zone = var.zone region = var.region network = module.network.network_name subnet = "subnet-02"}terraform initterraform applyTask 7 — Add a FirewallUpdate main.tf:resource "google_compute_firewall" "default" { name = "tf-firewall" network = module.network.network_name direction = "INGRESS" source_ranges = ["0.0.0.0/0"] allow { protocol = "tcp" ports = ["80"] }}And one last apply…terraform applyAnd we’re done!Build Infrastructure on Google Cloud with Terraform — Google Challenge Lab Walkthrough was originally published in Google Cloud - Community on Medium, where people are continuing the conversation by highlighting and responding to this story.

🏷️ challenge-lab 🏷️ google-cloud-platform 🏷️ terraform 🏷️ infrastructure 🏷️ terraform-import

[Blogs] 🌎 https://medium.com/google-cloud/build-infrastructure-on-google-cloud-with-terraform-google-challenge-lab-walkthrough-30a592373d3e?source=rss----e52cf94d98af---4 [🧠] [v2] article_embedding_description: {:llm_project_id=>"Unavailable", :llm_dimensions=>nil, :article_size=>14776, :llm_embeddings_model_name=>"textembedding-gecko"}
[🧠] [v1/3] title_embedding_description: {:ricc_notes=>"[embed-v3] Fixed on 9oct24. Only seems incompatible at first glance with embed v1.", :llm_project_id=>"unavailable possibly not using Vertex", :llm_dimensions=>nil, :article_size=>14776, :poly_field=>"title", :llm_embeddings_model_name=>"textembedding-gecko"}
[🧠] [v1/3] summary_embedding_description:
[🧠] As per bug https://github.com/palladius/gemini-news-crawler/issues/4 we can state this article belongs to titile/summary version: v3 (very few articles updated on 9oct24)

🗿article.to_s

------------------------------
Title: Build Infrastructure on Google Cloud with Terraform — Google Challenge Lab Walkthrough
[content]
Build Infrastructure on Google Cloud with Terraform — Google Challenge Lab WalkthroughThis is a walkthrough of the challenge lab from the course Build Infrastructure with Terraform on Google&nbsp;Cloud.This lab tests your ability&nbsp;to:Import existing infrastructure into your Terraform configuration.Build and reference your own Terraform modules.Add a remote backend to your configuration.Use and implement a module from the Terraform Registry.Re-provision, destroy, and update infrastructure.Test connectivity between the resources you’ve&nbsp;created.Intro to Challenge LabsGoogle provides an online learning platform called Google Cloud Skills Boost, formerly known as QwikLabs. On this platform, you can follow training courses aligned to learning paths, to particular products, or for particular solutions.One type of learning experience on this platform is called a quest. This is where you complete a number of guided hands-on labs, and then finally complete a Challenge Lab. The challenge lab differs from the other labs in that goals are specified, but very little guidance on how to achieve the goals is&nbsp;given.I occasionally create walkthroughs of these challenge labs. The goal is not to help you cheat your way through the challenge labs! But&nbsp;rather:To show you what I believe to be an ideal route through the&nbsp;lab.To help you with particular gotchas or blockers that are preventing you from completing the lab on your&nbsp;own.If you’re looking for help with challenge lab, then you’ve come to the right place. But I strongly urge you to work your way through the quest first, and to try the lab on your own, before reading&nbsp;further!With all these labs, there are always many ways to go about solving the problem. I generally like to solve them using the Cloud Shell, since I can then document a more repeatable and programmatic approach. But of course, you can use the Cloud Console&nbsp;too.Overview of this&nbsp;LabIn this lab we’re expected to use Terraform to create, deploy and manage infrastructure on Google Cloud. We also need to import some mismanaged instances into our configuration and fix&nbsp;them.My SolutionLet’s start by defining some variables we can use throughout this challenge. The actual variables will be provided to you when you start the&nbsp;lab.gcloud auth listregion=&lt;ENTER REGION&gt;zone=&lt;ENTER ZONE&gt;prj=&lt;ENTER PRJ ID&gt;Task 1 — Create the Configuration FilesWe’re told to create this folder structure:main.tfvariables.tfmodules/└── instances|   ├── instances.tf|   ├── outputs.tf|   └── variables.tf└── storage    ├── storage.tf    ├── outputs.tf    └── variables.tfWe can do it like&nbsp;this:# Create main.tf and variables.tf in the root directorytouch main.tf variables.tf# Create main directory and its filesmkdir -p modules/instancesmkdir modules/storage# Create the required files in the 'instances' module directorytouch modules/instances/instances.tftouch modules/instances/outputs.tftouch modules/instances/variables.tf# Create the required files in the 'storage' module directorytouch modules/storage/storage.tftouch modules/storage/outputs.tftouch modules/storage/variables.tfNow we update the variables.tf files to contain these variables:variable "region" {  description = "The Google Cloud region"  type        = string  default     = "Lab-supplied region"}variable "zone" {  description = "The Google Cloud zone"  type        = string  default     = "Lab-supplied zone"}variable "project_id" {  description = "The ID of the project in which to provision resources."  type        = string  default     = "Your project ID"}Update the root module main.tf to include the Google Cloud Provider, which you can always look up in the Terraform Registry. We’re asked to include all three of our variables in our provider&nbsp;block.terraform {  required_providers {    google = {      source = "hashicorp/google"    }  }}provider "google" {  project     = var.project_id  region      = var.region  zone        = var.zone}Now we need to initialise Terraform. So run this&nbsp;command:terraform initTask 2 — Import InfrastructureHere, the goal is to bring infrastructure under Terraform control, that has thus far been provisioned outside of Terraform.We’re going to use the Terraform import workflow:Terraform import&nbsp;workflowThese are the import&nbsp;steps:Identify the existing infrastructure to be imported.Import the infrastructure into your Terraform state.Write a Terraform configuration that matches that infrastructure.Review the Terraform plan to ensure that the configuration matches the expected state and infrastructure.Apply the configuration to update your Terraform state.Identify the existing infrastructure to be&nbsp;importedTwo GCE instances have already been created. Examine one of the existing instances, tf-instance-1 in the Cloud Console. We want to retrieve:NetworkMachine typeDiskNext we need to include two calls to our instances module in our main.tf. They will contain empty definitions, so that we can&nbsp;import.module "tf_instance_1" {  source        = "./modules/instances"  instance_name = "tf-instance-1"  zone          = var.zone  region        = var.region}module "tf_instance_2" {  source        = "./modules/instances"  instance_name = "tf-instance-2"  zone          = var.zone  region        = var.region}Remember that each module definition must have a unique&nbsp;label.Now initialise:terraform initNow we write the module configurations in instances.tf. We’re told the arguments that need to be included in our minimal configuration:resource "google_compute_instance" "instance" {  name         = var.instance_name  machine_type = "hard code from existing instance"  zone         = var.zone  boot_disk {    initialize_params {      # image = "debian-cloud/debian-11"      image = "hard code from existing instance"    }  }  network_interface {    # network = "default"    network = "hard code from existing instance"    access_config {      // Ephemeral public IP    }  }  metadata_startup_script = &lt;&lt;-EOT          #!/bin/bash      EOT  allow_stopping_for_update = true}Update variables.tf in the instance module, so we can pass in the instance_name:variable "instance_name" {  description = "The name of the instance."  type        = string}Import the Existing Infrastructure into Terraform Stateterraform import module.tf_instance_1.google_compute_instance.instance \  projects/$prj/zones/$zone/instances/tf-instance-1terraform import module.tf_instance_2.google_compute_instance.instance \  projects/$prj/zones/$zone/instances/tf-instance-2# verify the importterraform showThe import should look like&nbsp;this:terraform importPlan and&nbsp;ApplyNow we update the instances in-place by running the&nbsp;apply:terraform planterraform applyTask 3 — Configure a Remote&nbsp;BackendThis is pretty easy. These are standard steps that you would run whenever we want to store Terraform state in a remote GCS&nbsp;backend:Provision a GCS bucket with Terraform.Add a backend block that points to the new GCS&nbsp;bucket.Reinitialise Terraform and migrate the state from the local state file to the remote&nbsp;backend.Provision the GCS&nbsp;BucketAdd this resource definition to&nbsp;main.tf:resource "google_storage_bucket" "test-bucket-for-state" {  name        = "Bucket Name You Are Given"  location    = "US"  uniform_bucket_level_access = true  force_destroy = true}And apply:terraform applyAdd the GCS&nbsp;BackendModify main.tf and include the backend in the terraform block:terraform {  backend "gcs" {    bucket  = var.project_id    prefix  = "terraform/state"  }}Migrate the&nbsp;StateThis is where we migrate the Terraform state from the local state file into the GCS&nbsp;backend:terraform init -migrate-stateIt will ask you to confirm you want to migrate the&nbsp;state:Migrating Terraform stateTask 4 — Modify and Update the InfrastructureWe need to update variables.tf to include a machine_type:variable "machine_type" {  description = "The machine type of an instance"  type        = string  default     = "e2-standard-2"}Then we need to modify instance.tf so that it can accept a machine_type parameter:resource "google_compute_instance" "instance" {  name         = var.instance_name  machine_type = var.machine_type  zone         = var.zone  ...Lastly, we need to modify main.tf such that we add the specified third instance to our main.tf, by calling the module for a third time. We don’t need to pass in the machine_type, as we’ve already set it to have a&nbsp;default.Now initialise (because we’ve added another module instance) and&nbsp;apply.terraform initterraform applyTask 5 — Destroy ResourcesNow we remove the instance we previously added. Remove the call to this module from main.tf, then&nbsp;reapply:terraform initterraform applyTask 6 — Use a Module from the&nbsp;RegistryWe’re going to use the Google Network&nbsp;Module.module "network" {  source  = "terraform-google-modules/network/google"  version = "6.0.0"  project_id   = var.project_id  network_name = "Use Supplied VPC Name"  routing_mode = "GLOBAL"  subnets = [    {      subnet_name           = "subnet-01"      subnet_ip             = "10.10.10.0/24"      subnet_region         = var.region    },    {      subnet_name           = "subnet-02"      subnet_ip             = "10.10.20.0/24"      subnet_region         = var.region    }  ]}Initialise and&nbsp;apply:terraform initterraform applyUpdate instances module to take a network parameter and a subnet parameter.In variables.tf:variable "network" {  description = "The network"  type        = string}variable "subnet" {  description = "The subnet"  type        = string}In instance.tf:network_interface {  network = var.network  subnetwork = var.subnet  access_config {    // Ephemeral public IP  }}Then update main.tf to create the instances like&nbsp;this:module "tf_instance_1" {  source        = "./modules/instances"  instance_name = "tf-instance-1"  zone          = var.zone  region        = var.region  network       = module.network.network_name  subnet        = "subnet-01"}module "tf_instance_2" {  source        = "./modules/instances"  instance_name = "tf-instance-2"  zone          = var.zone  region        = var.region  network       = module.network.network_name  subnet        = "subnet-02"}terraform initterraform applyTask 7 — Add a&nbsp;FirewallUpdate main.tf:resource "google_compute_firewall" "default" {  name          = "tf-firewall"  network       = module.network.network_name  direction     = "INGRESS"  source_ranges = ["0.0.0.0/0"]  allow {    protocol = "tcp"    ports    = ["80"]  }}And one last&nbsp;apply…terraform applyAnd we’re&nbsp;done!Build Infrastructure on Google Cloud with Terraform — Google Challenge Lab Walkthrough was originally published in Google Cloud - Community on Medium, where people are continuing the conversation by highlighting and responding to this story.
[/content]

Author: Dazbo (Darren Lester)
PublishedDate: 2024-04-05
Category: Blogs
NewsPaper: Google Cloud - Medium
Tags: challenge-lab, google-cloud-platform, terraform, infrastructure, terraform-import

{"id"=>6320,
"title"=>"Build Infrastructure on Google Cloud with Terraform — Google Challenge Lab Walkthrough",
"summary"=>nil,
"content"=>"

Build Infrastructure on Google Cloud with Terraform — Google Challenge Lab Walkthrough

This is a walkthrough of the challenge lab from the course Build Infrastructure with Terraform on Google Cloud.

This lab tests your ability to:

Import existing infrastructure into your Terraform configuration.
Build and reference your own Terraform modules.
Add a remote backend to your configuration.
Use and implement a module from the Terraform Registry.
Re-provision, destroy, and update infrastructure.
Test connectivity between the resources you’ve created.

Intro to Challenge Labs

Google provides an online learning platform called Google Cloud Skills Boost, formerly known as QwikLabs. On this platform, you can follow training courses aligned to learning paths, to particular products, or for particular solutions.

One type of learning experience on this platform is called a quest. This is where you complete a number of guided hands-on labs, and then finally complete a Challenge Lab. The challenge lab differs from the other labs in that goals are specified, but very little guidance on how to achieve the goals is given.

I occasionally create walkthroughs of these challenge labs. The goal is not to help you cheat your way through the challenge labs! But rather:

To show you what I believe to be an ideal route through the lab.
To help you with particular gotchas or blockers that are preventing you from completing the lab on your own.

If you’re looking for help with challenge lab, then you’ve come to the right place. But I strongly urge you to work your way through the quest first, and to try the lab on your own, before reading further!

With all these labs, there are always many ways to go about solving the problem. I generally like to solve them using the Cloud Shell, since I can then document a more repeatable and programmatic approach. But of course, you can use the Cloud Console too.

Overview of this Lab

In this lab we’re expected to use Terraform to create, deploy and manage infrastructure on Google Cloud. We also need to import some mismanaged instances into our configuration and fix them.

My Solution

Let’s start by defining some variables we can use throughout this challenge. The actual variables will be provided to you when you start the lab.

gcloud auth list

region=<ENTER REGION>
zone=<ENTER ZONE>
prj=<ENTER PRJ ID>

Task 1 — Create the Configuration Files

We’re told to create this folder structure:

main.tf
variables.tf
modules/
└── instances
|   ├── instances.tf
|   ├── outputs.tf
|   └── variables.tf
└── storage
    ├── storage.tf
    ├── outputs.tf
    └── variables.tf

We can do it like this:

# Create main.tf and variables.tf in the root directory
touch main.tf variables.tf

# Create main directory and its files
mkdir -p modules/instances
mkdir modules/storage

# Create the required files in the 'instances' module directory
touch modules/instances/instances.tf
touch modules/instances/outputs.tf
touch modules/instances/variables.tf

# Create the required files in the 'storage' module directory
touch modules/storage/storage.tf
touch modules/storage/outputs.tf
touch modules/storage/variables.tf

Now we update the variables.tf files to contain these variables:

variable "region" {
  description = "The Google Cloud region"
  type        = string
  default     = "Lab-supplied region"
}

variable "zone" {
  description = "The Google Cloud zone"
  type        = string
  default     = "Lab-supplied zone"
}

variable "project_id" {
  description = "The ID of the project in which to provision resources."
  type        = string
  default     = "Your project ID"
}

Update the root module main.tf to include the Google Cloud Provider, which you can always look up in the Terraform Registry. We’re asked to include all three of our variables in our provider block.

terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
    }
  }
}

provider "google" {
  project     = var.project_id
  region      = var.region
  zone        = var.zone
}

Now we need to initialise Terraform. So run this command:

terraform init

Task 2 — Import Infrastructure

Here, the goal is to bring infrastructure under Terraform control, that has thus far been provisioned outside of Terraform.

We’re going to use the Terraform import workflow:

These are the import steps:

Identify the existing infrastructure to be imported.
Import the infrastructure into your Terraform state.
Write a Terraform configuration that matches that infrastructure.
Review the Terraform plan to ensure that the configuration matches the expected state and infrastructure.
Apply the configuration to update your Terraform state.

Identify the existing infrastructure to be imported

Two GCE instances have already been created. Examine one of the existing instances, tf-instance-1 in the Cloud Console. We want to retrieve:

Network
Machine type
Disk

Next we need to include two calls to our instances module in our main.tf. They will contain empty definitions, so that we can import.

module "tf_instance_1" {
  source        = "./modules/instances"
  instance_name = "tf-instance-1"
  zone          = var.zone
  region        = var.region
}

module "tf_instance_2" {
  source        = "./modules/instances"
  instance_name = "tf-instance-2"
  zone          = var.zone
  region        = var.region
}

Remember that each module definition must have a unique label.

Now initialise:

terraform init

Now we write the module configurations in instances.tf. We’re told the arguments that need to be included in our minimal configuration:

resource "google_compute_instance" "instance" {
  name         = var.instance_name
  machine_type = "hard code from existing instance"
  zone         = var.zone

  boot_disk {
    initialize_params {
      # image = "debian-cloud/debian-11"
      image = "hard code from existing instance"
    }
  }

  network_interface {
    # network = "default"
    network = "hard code from existing instance"
    access_config {
      // Ephemeral public IP
    }
  }

  metadata_startup_script = <<-EOT
          #!/bin/bash
      EOT
  allow_stopping_for_update = true
}

Update variables.tf in the instance module, so we can pass in the instance_name:

variable "instance_name" {
  description = "The name of the instance."
  type        = string
}

Import the Existing Infrastructure into Terraform State

terraform import module.tf_instance_1.google_compute_instance.instance \\
  projects/$prj/zones/$zone/instances/tf-instance-1

terraform import module.tf_instance_2.google_compute_instance.instance \\
  projects/$prj/zones/$zone/instances/tf-instance-2

# verify the import
terraform show

The import should look like this:

Plan and Apply

Now we update the instances in-place by running the apply:

terraform plan
terraform apply

Task 3 — Configure a Remote Backend

This is pretty easy. These are standard steps that you would run whenever we want to store Terraform state in a remote GCS backend:

Provision a GCS bucket with Terraform.
Add a backend block that points to the new GCS bucket.
Reinitialise Terraform and migrate the state from the local state file to the remote backend.

Provision the GCS Bucket

Add this resource definition to main.tf:

resource "google_storage_bucket" "test-bucket-for-state" {
  name        = "Bucket Name You Are Given"
  location    = "US"
  uniform_bucket_level_access = true

  force_destroy = true
}

And apply:

terraform apply

Add the GCS Backend

Modify main.tf and include the backend in the terraform block:

terraform {
  backend "gcs" {
    bucket  = var.project_id
    prefix  = "terraform/state"
  }
}

Migrate the State

This is where we migrate the Terraform state from the local state file into the GCS backend:

terraform init -migrate-state

It will ask you to confirm you want to migrate the state:

Task 4 — Modify and Update the Infrastructure

We need to update variables.tf to include a machine_type:

variable "machine_type" {
  description = "The machine type of an instance"
  type        = string
  default     = "e2-standard-2"
}

Then we need to modify instance.tf so that it can accept a machine_type parameter:

resource "google_compute_instance" "instance" {
  name         = var.instance_name
  machine_type = var.machine_type
  zone         = var.zone

  ...

Lastly, we need to modify main.tf such that we add the specified third instance to our main.tf, by calling the module for a third time. We don’t need to pass in the machine_type, as we’ve already set it to have a default.

Now initialise (because we’ve added another module instance) and apply.

terraform init
terraform apply

Task 5 — Destroy Resources

Now we remove the instance we previously added. Remove the call to this module from main.tf, then reapply:

terraform init
terraform apply

Task 6 — Use a Module from the Registry

We’re going to use the Google Network Module.

module "network" {
  source  = "terraform-google-modules/network/google"
  version = "6.0.0"

  project_id   = var.project_id
  network_name = "Use Supplied VPC Name"
  routing_mode = "GLOBAL"

  subnets = [
    {
      subnet_name           = "subnet-01"
      subnet_ip             = "10.10.10.0/24"
      subnet_region         = var.region
    },
    {
      subnet_name           = "subnet-02"
      subnet_ip             = "10.10.20.0/24"
      subnet_region         = var.region
    }
  ]
}

Initialise and apply:

terraform init
terraform apply

Update instances module to take a network parameter and a subnet parameter.

In variables.tf:

variable "network" {
  description = "The network"
  type        = string
}

variable "subnet" {
  description = "The subnet"
  type        = string
}

In instance.tf:

network_interface {
  network = var.network
  subnetwork = var.subnet

  access_config {
    // Ephemeral public IP
  }
}

Then update main.tf to create the instances like this:

module "tf_instance_1" {
  source        = "./modules/instances"
  instance_name = "tf-instance-1"
  zone          = var.zone
  region        = var.region

  network       = module.network.network_name
  subnet        = "subnet-01"
}

module "tf_instance_2" {
  source        = "./modules/instances"
  instance_name = "tf-instance-2"
  zone          = var.zone
  region        = var.region
  network       = module.network.network_name
  subnet        = "subnet-02"
}

terraform init
terraform apply

Task 7 — Add a Firewall

Update main.tf:

resource "google_compute_firewall" "default" {
  name          = "tf-firewall"
  network       = module.network.network_name
  direction     = "INGRESS"
  source_ranges = ["0.0.0.0/0"]

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }
}

And one last apply…

terraform apply

And we’re done!

$\"\"$

Build Infrastructure on Google Cloud with Terraform — Google Challenge Lab Walkthrough was originally published in Google Cloud - Community on Medium, where people are continuing the conversation by highlighting and responding to this story.

",
"author"=>"Dazbo (Darren Lester)",
"link"=>"https://medium.com/google-cloud/build-infrastructure-on-google-cloud-with-terraform-google-challenge-lab-walkthrough-30a592373d3e?source=rss----e52cf94d98af---4",
"published_date"=>Fri, 05 Apr 2024 04:49:54.000000000 UTC +00:00,
"image_url"=>nil,
"feed_url"=>"https://medium.com/google-cloud/build-infrastructure-on-google-cloud-with-terraform-google-challenge-lab-walkthrough-30a592373d3e?source=rss----e52cf94d98af---4",
"language"=>nil,
"active"=>true,
"ricc_source"=>"feedjira::v1",
"created_at"=>Fri, 05 Apr 2024 07:23:01.520827000 UTC +00:00,
"updated_at"=>Mon, 21 Oct 2024 18:52:36.679100000 UTC +00:00,
"newspaper"=>"Google Cloud - Medium",
"macro_region"=>"Blogs"}

Edit this article

Back to articles