Terraform Essentials: VPC and Subnet - gem-terraform-vpc-create


Activate Cloud Shell
Cloud Shell is a virtual machine that is loaded with development tools. It offers a persistent 5GB home directory and runs on the Google Cloud. Cloud Shell provides command-line access to your Google Cloud resources.
Click Activate Cloud Shell at the top of the Google Cloud console.
When you are connected, you are already authenticated, and the project is set to your PROJECT_ID. The output contains a line that declares the PROJECT_ID for this session:
Your Cloud Platform project in this session is set to YOUR_PROJECT_ID
gcloud is the command-line tool for Google Cloud. It comes pre-installed on Cloud Shell and supports tab-completion.
- (Optional) You can list the active account name with this command:
gcloud auth list
Click Authorize.
Your output should now look like this:
Output:
ACTIVE: *
ACCOUNT: student-01-xxxxxxxxxxxx@qwiklabs.net
To set the active account, run:
$ gcloud config set account `ACCOUNT`
- (Optional) You can list the project ID with this command:
gcloud config list project
Output:
[core]
project = <project_ID>
Example output:
[core]
project = qwiklabs-gcp-44776a13dea667a6
Note: For full documentation of gcloud in Google Cloud, refer to the gcloud CLI overview guide.
Overview
In this lab, you will learn how to use HashiCorp Terraform to provision a custom Virtual Private Cloud (VPC) network in Google Cloud. You will define the network, subnets, and firewall rules using Terraform configuration files, and store the Terraform state in a Google Cloud Storage bucket. This lab assumes you have basic familiarity with Google Cloud and Terraform concepts.
Task 1. Setting Up Your Environment
Before you begin, configure your environment for Terraform and Google Cloud. This includes setting the project ID, region, and zone, as well as creating a Cloud Storage bucket to store the Terraform state.
Set your project ID to qwiklabs-gcp-01-da64924e1c64:
gcloud config set project qwiklabs-gcp-01-da64924e1c64
Note: Replace PROJECT_ID with your actual Google Cloud project ID.
Set your default region to us-west1:
gcloud config set compute/region us-west1
Note: Replace REGION with your desired Google Cloud region (e.g., us-central1).
Set your default zone to us-west1-a:
gcloud config set compute/zone us-west1-a
Note: Replace ZONE with your desired Google Cloud zone (e.g., us-central1-a).
Create a Cloud Storage bucket to store the Terraform state. The bucket name should be prefixed with your project ID, giving qwiklabs-gcp-01-da64924e1c64-terraform-state:
gcloud storage buckets create gs://qwiklabs-gcp-01-da64924e1c64-terraform-state --project=qwiklabs-gcp-01-da64924e1c64 --location=us
Note: This command creates a Cloud Storage bucket in the us location. Consider using a region closer to you.
Enable the Cloud Resource Manager API:
gcloud services enable cloudresourcemanager.googleapis.com --project=qwiklabs-gcp-01-da64924e1c64
Task 2. Creating the Terraform Configuration
Now, create the Terraform configuration files to define your custom VPC network. These files will specify the network name, subnets, IP address ranges, and firewall rules.
Create a file named main.tf with the following content:
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 4.0"
    }
  }
  # Remote state lives in the bucket created in Task 1
  backend "gcs" {
    bucket = "qwiklabs-gcp-01-da64924e1c64-terraform-state"
    prefix = "terraform/state"
  }
}

provider "google" {
  project = "qwiklabs-gcp-01-da64924e1c64"
  region  = "us-west1"
}

# Custom-mode VPC: no automatically created subnets
resource "google_compute_network" "vpc_network" {
  name                    = "custom-vpc-network"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "subnet_us" {
  name          = "subnet-us"
  ip_cidr_range = "10.10.1.0/24"
  region        = "us-west1"
  network       = google_compute_network.vpc_network.id
}

# Ingress rule: TCP port 22; a source range of 0.0.0.0/0 admits SSH from any IPv4 address
resource "google_compute_firewall" "allow_ssh" {
  name    = "allow-ssh"
  network = google_compute_network.vpc_network.name
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
  source_ranges = ["0.0.0.0/0"]
}

# Ingress rule: ICMP (ping) from any IPv4 address
resource "google_compute_firewall" "allow_icmp" {
  name    = "allow-icmp"
  network = google_compute_network.vpc_network.name
  allow {
    protocol = "icmp"
  }
  source_ranges = ["0.0.0.0/0"]
}
Note: This configuration creates two ingress firewall rules on the VPC: allow-ssh admits TCP port 22 and allow-icmp admits ICMP, both from any source (0.0.0.0/0).
Create a variables.tf file:
variable "project_id" {
  type        = string
  description = "The ID of the Google Cloud project"
  default     = "qwiklabs-gcp-01-da64924e1c64"
}

variable "region" {
  type        = string
  description = "The region to deploy resources in"
  default     = "us-west1"
}
Note: This declares input variables for the project ID and region. Declaring them is good practice, even though main.tf above hardcodes the same values.
Create an outputs.tf file:
output "network_name" {
  value       = google_compute_network.vpc_network.name
  description = "The name of the VPC network"
}

output "subnet_name" {
  value       = google_compute_subnetwork.subnet_us.name
  description = "The name of the subnetwork"
}
Note: This declares output values that Terraform prints after apply. It is good practice.
Task 3. Deploying the VPC Network
With the Terraform configuration files created, you can now initialize Terraform, plan the changes, and apply the configuration to provision the VPC network in your Google Cloud project.
Initialize Terraform:
terraform init
Note: This command initializes Terraform and downloads the necessary provider plugins.
Plan the changes:
terraform plan
Note: This command creates an execution plan, showing the changes that Terraform will make to your infrastructure.
Apply the configuration:
terraform apply --auto-approve
Note: This command applies the changes defined in the Terraform configuration files to provision the VPC network.
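Before applying, a practitioner usually gates the plan on an automated check rather than relying only on the Console walk-through in Task 4. The following Python script is an added example, not part of the lab or its solution script: it reads the JSON that `terraform show -json` emits for a saved plan or for the current state and reports every ingress google_compute_firewall rule whose source_ranges include 0.0.0.0/0 or ::/0, which both allow-ssh and allow-icmp in main.tf above do. The embedded SAMPLE_PLAN is constructed to mirror this lab's main.tf plus an assumed internal-only rule (allow_internal) that should pass; the script name check_firewall.py and the file-path argument are assumptions.

```python
"""Report google_compute_firewall rules that admit ingress from any address.

Input is the JSON from `terraform show -json tfplan` (a saved plan) or
`terraform show -json` (current state); both layouts are handled.
"""
import ipaddress
import json
import sys

WORLD = (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0"))

# Constructed sample mirroring this lab's main.tf, plus an assumed
# internal-only rule (allow_internal) that should not be flagged.
SAMPLE_PLAN = {
    "format_version": "1.2",
    "planned_values": {"root_module": {"resources": [
        {"address": "google_compute_network.vpc_network",
         "type": "google_compute_network",
         "values": {"name": "custom-vpc-network", "auto_create_subnetworks": False}},
        {"address": "google_compute_firewall.allow_ssh",
         "type": "google_compute_firewall",
         "values": {"name": "allow-ssh",
                    "allow": [{"protocol": "tcp", "ports": ["22"]}],
                    "source_ranges": ["0.0.0.0/0"]}},
        {"address": "google_compute_firewall.allow_icmp",
         "type": "google_compute_firewall",
         "values": {"name": "allow-icmp",
                    "allow": [{"protocol": "icmp", "ports": []}],
                    "source_ranges": ["0.0.0.0/0"]}},
        {"address": "google_compute_firewall.allow_internal",
         "type": "google_compute_firewall",
         "values": {"name": "allow-internal",
                    "allow": [{"protocol": "all", "ports": []}],
                    "source_ranges": ["10.10.1.0/24"]}},
    ]}},
}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def root_module(doc):
    """Plan JSON keeps resources under planned_values, state JSON under values."""
    container = doc.get("planned_values") or doc.get("values") or {}
    return container.get("root_module", {})


def is_world_open(cidr):
    """True for 0.0.0.0/0 or ::/0; malformed strings are not treated as open."""
    try:
        return ipaddress.ip_network(cidr, strict=False) in WORLD
    except ValueError:
        return False


def open_firewall_rules(doc):
    """Return (address, allow summary, offending ranges) for each ingress
    rule that has an allow block and a world-open source range."""
    findings = []
    for res in iter_resources(root_module(doc)):
        if res.get("type") != "google_compute_firewall":
            continue
        vals = res.get("values") or {}
        # direction is computed at plan time, so a missing value means the
        # API default, INGRESS; EGRESS rules use destination_ranges instead.
        if (vals.get("direction") or "INGRESS") != "INGRESS":
            continue
        allows = vals.get("allow") or []
        if not allows:
            continue
        offending = [r for r in vals.get("source_ranges") or [] if is_world_open(r)]
        if not offending:
            continue
        summary = ", ".join(
            f"{a.get('protocol')}:{','.join(a.get('ports') or ['*'])}" for a in allows
        )
        findings.append((res.get("address"), summary, offending))
    return findings


def main(argv):
    """Exit non-zero when any world-open rule is found, so CI can gate apply."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    else:
        doc = SAMPLE_PLAN
    findings = open_firewall_rules(doc)
    for address, summary, ranges in findings:
        print(f"OPEN: {address} allows {summary} from {', '.join(ranges)}")
    if not findings:
        print("no world-open ingress rules")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against a real plan with `terraform plan -out=tfplan`, then `terraform show -json tfplan > plan.json` and `python check_firewall.py plan.json`; with no argument it evaluates the embedded sample and exits 1 because allow-ssh and allow-icmp are open to the world. Narrowing source_ranges in main.tf to the address range you actually connect from makes the check pass.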
Task 4. Verifying the VPC Network
After the Terraform configuration is applied, verify that the VPC network, subnet, and firewall rules have been created correctly in your Google Cloud project.
Navigate to the VPC networks page in the Google Cloud Console.
Note: Go to Networking > VPC networks.
Verify that the custom-vpc-network network exists.
Note: Check that the VPC network you defined in the Terraform configuration is present.
Navigate to the Subnets page and verify that the subnet-us subnet exists.
Note: Go to Networking > VPC networks > Subnetworks.
Navigate to the Firewall rules page and verify that the allow-ssh and allow-icmp firewall rules exist.
Note: Go to Networking > Firewall.
Task 5. Cleaning Up Resources
To avoid incurring unnecessary costs, destroy the resources created in this lab when you are finished.
Destroy the resources:
terraform destroy --auto-approve
Note:
This command destroys all the resources managed by Terraform in your Google Cloud project.
Solution of Lab
curl -LO raw.githubusercontent.com/ePlus-DEV/storage/refs/heads/main/labs/gem-terraform-vpc-create/lab.sh
sudo chmod +x lab.sh
./lab.sh
Written by David Nguyen
A passionate full-stack developer from @ePlus.DEV