Thursday, 28 August 2025

GCP 1

GCP Terraform Example — Compute + Storage + Firewall

GCP Terraform Example

This page contains a ready-to-use Terraform configuration that creates a small environment on Google Cloud: a Storage Bucket, a Firewall rule (the GCP counterpart of an AWS security group), and a small Compute Engine VM (e2-micro) suitable for testing. The security-relevant values (the SSH source range, the bucket settings, the credentials) are deliberately kept simple and easy to find so you can tighten them before using this for anything other than a throwaway test.

Important: Replace YOUR_PROJECT_ID and ensure key.json points to your service account JSON credentials. The key carries every role the service account has, so grant it only what this configuration needs (Compute and Storage) rather than using an Owner key. Keep credentials secret and do not commit them to source control.

Terraform configuration

terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 5.0"
    }
    # random_id below needs the random provider; declare it explicitly
    # instead of relying on Terraform's implicit hashicorp/ lookup.
    random = {
      source  = "hashicorp/random"
      version = "~> 3.0"
    }
  }
}

provider "google" {
  project     = "YOUR_PROJECT_ID"
  region      = "us-central1"      # free tier region
  zone        = "us-central1-a"    # free tier zone
  # Long-lived service account key. Remove this line to use Application
  # Default Credentials (gcloud auth application-default login) instead.
  credentials = file("key.json")
}

# --------------------------
# Storage Bucket (Free Tier)
# --------------------------
resource "google_storage_bucket" "demo_bucket" {
  name     = "my-demo-bucket-${random_id.rand.hex}"
  location = "US"

  storage_class = "STANDARD"
  force_destroy = true
  uniform_bucket_level_access = true
}

# --------------------------
# Firewall (Like Security Group)
# --------------------------
resource "google_compute_firewall" "default_allow_ssh" {
  name    = "allow-ssh"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  source_ranges = ["0.0.0.0/0"] # 🚨 Open SSH to world (not safe for prod)
  target_tags   = ["ssh-allowed"]
}

# --------------------------
# Compute Instance (Free Tier)
# --------------------------
resource "google_compute_instance" "demo_vm" {
  name         = "demo-vm"
  machine_type = "e2-micro"  # ✅ Always Free tier machine type
  zone         = "us-central1-a"

  tags = ["ssh-allowed"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
      type  = "pd-standard"  # the provider default, stated explicitly: only standard PD is in the Always Free tier
      size  = 30             # ✅ Always Free includes 30 GB-months of standard Persistent Disk
    }
  }

  network_interface {
    network = "default"
    access_config {
      # Ephemeral public IP, needed for SSH from the Internet.
      # External IPv4 addresses on VMs are billed hourly since 2024; check current pricing.
    }
  }

  metadata_startup_script = <<-EOT
    #!/bin/bash
    echo "Hello from Terraform VM" > /var/tmp/startup.txt
  EOT
}

# --------------------------
# Random ID for bucket name
# --------------------------
resource "random_id" "rand" {
  byte_length = 4
}

Quick run instructions

  1. Install and configure the Google Cloud SDK (gcloud) and Terraform.
  2. Place your service-account JSON next to main.tf as key.json, or update credentials path.
  3. Initialize Terraform:
    terraform init
  4. Preview changes:
    terraform plan -out=tfplan
  5. Apply (create resources):
    terraform apply tfplan
  6. Cleanup (force_destroy = true means the bucket is deleted even if it still holds objects):
    terraform destroy -auto-approve

Fields & notes

  Field                           Notes
  machine_type = "e2-micro"       Always-Free eligible (one instance per month) only in us-west1, us-central1 and us-east1.
  source_ranges = ["0.0.0.0/0"]   Opens SSH to the whole Internet. Acceptable for a quick test; change it to your own IP (/32) or the IAP range for anything that lives longer than that.
  force_destroy = true            Lets terraform destroy delete the bucket even when it still contains objects. Handy for cleanup automation, dangerous on a bucket holding real data.
  credentials = file("key.json")  Terraform reads the service account key directly, so no gcloud auth is needed. The key is a long-lived credential: prefer Application Default Credentials or workload identity federation where you can, and delete the key when the test is over.

Safety tips

  • Prefer restricting SSH source_ranges to your IP (e.g. ["203.0.113.4/32"]), or to Google's IAP TCP-forwarding range 35.235.240.0/20 and SSH through IAP, which lets you drop the VM's public IP entirely.
  • Verify billing is enabled on the project; free-tier still requires a billing account attached, and anything outside the Always Free limits is charged.
  • Do not commit key.json to version control (add it to .gitignore before your first commit), and delete the key from the service account when you are done.
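The two tips above about SSH exposure are easy to get wrong by hand, so here is a hardened variant of the allow-ssh rule and the bucket. This is an added example, not part of the original post: the variable name admin_cidr, the local ssh_sources and the resource names are my own choices, and it assumes the same default network and ssh-allowed tag as the main.tf above. Port 22 is reachable only from an operator-supplied CIDR and from the IAP TCP-forwarding range (35.235.240.0/20), the variable refuses 0.0.0.0/0 at plan time, and the bucket gets public access prevention enforced.

```hcl
# Added example, not from the original post: hardened replacements for the
# allow-ssh firewall rule and the demo bucket. Names below are assumptions.

variable "admin_cidr" {
  description = "CIDR allowed to SSH directly, e.g. your egress IP as /32. Leave empty to allow IAP only."
  type        = string
  default     = ""

  # Reject anything that is not a parseable CIDR.
  validation {
    condition     = var.admin_cidr == "" || can(cidrhost(var.admin_cidr, 0))
    error_message = "admin_cidr must be a valid CIDR such as 203.0.113.4/32."
  }

  # Fail the plan rather than open SSH to the whole Internet.
  validation {
    condition     = var.admin_cidr != "0.0.0.0/0"
    error_message = "Refusing to open SSH to 0.0.0.0/0; use a /32 or IAP only."
  }
}

locals {
  # Documented source range for Identity-Aware Proxy TCP forwarding.
  iap_range = "35.235.240.0/20"
  # compact() drops the empty string when admin_cidr is not set.
  ssh_sources = compact([local.iap_range, var.admin_cidr])
}

resource "google_compute_firewall" "allow_ssh_restricted" {
  name    = "allow-ssh-restricted"
  network = "default"

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  source_ranges = local.ssh_sources
  target_tags   = ["ssh-allowed"]
}

resource "google_storage_bucket" "demo_bucket_hardened" {
  name     = "my-demo-bucket-${random_id.rand.hex}"
  location = "US"

  storage_class               = "STANDARD"
  force_destroy               = true
  uniform_bucket_level_access = true
  # Block allUsers / allAuthenticatedUsers grants even if someone adds them later.
  public_access_prevention = "enforced"
}
```

With the IAP range in place you can remove the access_config block from the VM so it has no public IP at all and connect with `gcloud compute ssh demo-vm --zone us-central1-a --tunnel-through-iap`; the caller needs roles/iap.tunnelResourceAccessor on the project or instance. Apply with `terraform apply -var admin_cidr=203.0.113.4/32` (or no -var at all for IAP only) and the 0.0.0.0/0 rule from the original file can be deleted.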

