Using Terraform to Create VM Instances and Connect via SSH

Introduction

In the previous article, I introduced some basic concepts about Terraform, as well as the advantages of using Terraform. If you're not familiar with it yet, take a look to get some basic knowledge before diving into the next topics.

In this article, I will guide you through writing Terraform files to deploy a Virtual Machine (VM) instance to the Google Cloud Provider.


Creating a Service Account

If you already have a Google Cloud account with the necessary permissions, you can log in to work with Terraform as I instructed in the previous article. However, if for some reason you can't log in, or if you need a better authentication method, you can create a Service Account to use.

In simple terms, a Google Cloud account is allowed to create Service Accounts. Each Service Account is assigned roles, and each role has corresponding permissions allowing the Service Account to perform specific tasks based on permissions.

To create a Service Account, use the following command:

gcloud iam service-accounts create {service account username} \
--display-name={account display name} \
--project={project id}


Next, create a JSON-formatted key file:

# gcloud iam service-accounts keys create {directory to json file} \
# --iam-account={service account username}@{project id}.iam.gserviceaccount.com \
# --project={project id}

# ex:
gcloud iam service-accounts keys create ./service-account.json \
--iam-account={service account username}@{project id}.iam.gserviceaccount.com \
--project={project id}

After executing this command, a file named `service-account.json` will be created for us to use in the Terraform project.


Setting up roles for the Service Account

gcloud projects add-iam-policy-binding {project id} \
--member=serviceAccount:{service account username}@{project id}.iam.gserviceaccount.com \
--role=roles/{role}

Here, to have management rights in Compute Engine, you need to set the role to `--role=roles/compute.admin`.


Creating a Terraform Project

First, create a file named `provider.tf` to define the cloud provider and information about credentials.

terraform {
required_providers {
google = {
source = "hashicorp/google"
version = "5.18.0"
}
}
}

provider "google" {
credentials = file("${path.module}/service-account.json")
project = var.projectId
region = var.region
}

Here, use the `service-account.json` file created from the Service Account initialization step.


Next, create the `variables.tf` file.

variable "projectId" {
type = string
}

variable "region" {
type = string
description = "Region"
}

variable "zone" {
type = string
description = "Zone"
}

variable "computeInstanceName" {
type = string
description = "Compute Instance Name"
}

variable "machineType" {
type = string
description = "Machine Type"
}


Create the `terraform.tfvars` file to define default values. You can modify the values according to your needs.

projectId = "project id"

region = "asia-southeast1"
zone = "asia-southeast1-a"

computeInstanceName = "compute-instance-name"
machineType = "e2-micro"


Finally, create the `main.tf` file to initialize the compute instance as follows:

resource "google_compute_instance" "default" {
name = var.computeInstanceName
machine_type = var.machineType
zone = var.zone

tags = ["http-server", "https-server"]

boot_disk {
initialize_params {
image = "debian-cloud/debian-10"
}
}

network_interface {
network = "default"
}
}


Execute the Terraform command

Then, execute the following commands one by one to apply the configuration to Google Cloud.

# This command initializes a working directory containing Terraform configuration files
terraform init

# This command executes the actions proposed in a Terraform plan
terraform apply


Once you see the result as follows, the VM instance has been successfully initialized:


SSH Connection

I will guide you through two simple ways to connect via SSH:

1. Using Cloud Shell:

On the Google Cloud web page UI, simply click on the SSH icon to connect.


2. Using the gcloud terminal:

Another way to directly connect via SSH from your local machine is by using the following gcloud command:

gcloud compute ssh {compute instance name} --zone={zone}


If you want to view a list of existing compute instances, use the following command:


If you found value in this post, show your appreciation by sharing and commenting!

Comments

Popular posts from this blog

Kubernetes Practice Series

NodeJS Practice Series

Docker Practice Series

React Practice Series

Sitemap

Setting up Kubernetes Dashboard with Kind

Deploying a NodeJS Server on Google Kubernetes Engine

DevOps Practice Series

Create API Gateway with fast-gateway

A Handy Guide to Using Dynamic Import in JavaScript