
What is VPC?
A VPC (Virtual Private Cloud) is a secure, isolated private cloud hosted within the public cloud. Google Cloud VPC provides networking functionality to Compute Engine VM instances and GKE clusters.
VPCs are software versions of physical networks that link resources in a project. GCP
automatically creates a VPC when you create a project. You can create additional VPCs and
modify the VPCs created by GCP.
VPCs are global resources, so they are not tied to a specific region or zone. Resources,
such as Compute Engine virtual machines (VMs) and Kubernetes Engine clusters, can
communicate with each other, assuming traffic is not blocked by a firewall rule.
What is Subnet in VPC?
VPCs contain subnetworks, called subnets, which are regional resources. Subnets have
a range of IP addresses associated with them. Subnets provide private internal addresses.
Resources use these addresses to communicate with each other and with Google APIs and
services.
In addition to VPCs associated with projects, you can create a shared VPC within
an organization. The shared VPC is hosted in a common project. Users in other projects
who have sufficient permissions can create resources in the shared VPC. You
can also use VPC peering for interproject connectivity, even if an organization is not
defined.
In this section, you will create a VPC with subnets using Terraform.
Prerequisite
- Create a Service account
- Make sure you have Terraform installed
Create a Service Account
To create a service account, you can follow these steps:
- From the Google Cloud console’s main navigation, choose IAM & Admin > Service Accounts.
- Click Create service account.
- Give your service account a name.
- Click Create.
- In the roles dropdown, select Project > Owner.
- Click Continue and then Done.
After creating a service account, make sure to create a key, which Terraform will use for authentication when creating resources. To create a key, open the service account and, under the Keys tab, use the option to create a key and download it in JSON format. Also make sure your service account has the proper permissions; if it does not, granting the Editor role will also work, or, if you want, you can grant specific permissions.
Add provider
Now create a main.tf file and add the following code to it.
First of all, you need to define the provider:
provider "google" {
  credentials = file("~/gcp/access-keys.json")
  project     = "give your project ID here"
  region      = "asia-northeast1"
}
Here we have named the provider, which is google, given the path to the credentials, which are stored on our local machine in JSON format, and added the project ID and region.
Create a VPC Resource
Add the resources to the main.tf file. First we will create a VPC resource:
resource "google_compute_network" "vpc_network" {
  name                    = "terraform-vpc"
  # Boolean, not a string: keeps the network in custom subnet mode
  auto_create_subnetworks = false
}
Here the name we gave is terraform-vpc. Remember that name is a required field for this resource. Also, make sure you set the auto_create_subnetworks field to false; otherwise a subnet will be created automatically in every region. Apart from these, the resource has many other fields, which are optional.
Create Subnet Resource for VPC
Next we add another resource, for the subnetwork, which will create a subnet for us:
resource "google_compute_subnetwork" "public-subnetwork" {
  name          = "terraform-subnet"
  ip_cidr_range = "10.2.0.0/16"
  region        = "asia-northeast1"
  network       = google_compute_network.vpc_network.name
}
As you can see, the resource type here is “google_compute_subnetwork”, and it has fields for the region where we want to create the subnet, the CIDR range, and the network.
Network (required) – The network this subnet belongs to. Here we have passed the value from the resource above, where we create the network.
Let’s proceed and run terraform init
terraform init



Next, we will run terraform plan.
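Part of the plan review can be automated. The following script is an added example, not part of the original post: it reads a plan saved with `terraform plan -out=tfplan` and exported with `terraform show -json tfplan > plan.json`, and reports networks that are not in custom subnet mode, invalid or overlapping subnet ranges within one VPC, and any change other than creating the two resource types used on this page. The names `review_plan`, `entry`, `EXPECTED_TYPES` and `PAGE_PLAN` are hypothetical, and the sample plan is constructed.

```python
import ipaddress
import json
import sys

EXPECTED_TYPES = {"google_compute_network", "google_compute_subnetwork"}

def review_plan(plan):
    """Return findings for a plan dict in `terraform show -json` format."""
    findings, subnets = [], {}  # subnets: network -> [(address, cidr)]
    for rc in plan.get("resource_changes", []):
        addr, rtype = rc["address"], rc["type"]
        actions = rc["change"]["actions"]
        after = rc["change"].get("after") or {}  # None when deleting
        if actions not in (["create"], ["no-op"]):
            findings.append(f"{addr}: unexpected action {'+'.join(actions)}")
        if rtype not in EXPECTED_TYPES:
            findings.append(f"{addr}: unexpected resource type")
        if not after:
            continue
        if rtype == "google_compute_network" and after.get("auto_create_subnetworks") is not False:
            findings.append(f"{addr}: auto_create_subnetworks is not false")
        if rtype == "google_compute_subnetwork":
            try:  # strict parsing also rejects ranges with host bits set
                cidr = ipaddress.ip_network(str(after.get("ip_cidr_range")))
            except ValueError:
                findings.append(f"{addr}: invalid ip_cidr_range")
                continue
            subnets.setdefault(after.get("network"), []).append((addr, cidr))
    for members in subnets.values():  # ranges inside one VPC must not overlap
        for i, (a_addr, a_net) in enumerate(members):
            for b_addr, b_net in members[i + 1:]:
                if a_net.overlaps(b_net):
                    findings.append(f"{a_addr}: {a_net} overlaps {b_addr} ({b_net})")
    return findings

def entry(addr, after, actions=("create",)):  # one constructed plan entry
    return {"address": addr, "type": addr.split(".")[0],
            "change": {"actions": list(actions), "after": after}}

# Constructed sample: the two resources from this page, as they appear in a plan.
PAGE_PLAN = {"resource_changes": [
    entry("google_compute_network.vpc_network",
          {"name": "terraform-vpc", "auto_create_subnetworks": False}),
    entry("google_compute_subnetwork.public-subnetwork",
          {"ip_cidr_range": "10.2.0.0/16", "network": "terraform-vpc"}),
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else PAGE_PLAN
    for line in review_plan(plan) or ["no findings"]:
        print(line)
```

Run it with the path to plan.json as the only argument; with no argument it reviews the constructed sample.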



Now you can verify your Terraform plan and make sure these are the resources that you want to create. After this, you can run terraform apply:
terraform apply
You will be prompted to enter yes or no. After you enter yes, Terraform starts creating these resources, and within a few minutes they will be created.



You can also visit the console to verify this.
After the terraform apply command is successful, the current state of your infrastructure is then stored in the terraform.tfstate file in the working directory.



Conclusion
This was all about how you can use Terraform to create a VPC and manage its state. If you liked this blog, please do like, comment and share. This will motivate me to come up with many such blogs.


