DEV Community

chauhoangminhnguyen
chauhoangminhnguyen

Posted on • Updated on • Originally published at howtodevez.blogspot.com

Using Terraform to Create VM Instances and Connect via SSH

Introduction

In the previous article, I introduced some basic concepts about Terraform, as well as the advantages of using Terraform. If you're not familiar with it yet, take a look to get some basic knowledge before diving into the next topics.

In this article, I will guide you through writing Terraform files to deploy a Virtual Machine (VM) instance to the Google Cloud Platform.

Terraform SSH Virtual Machine

Creating a Service Account

If you already have a Google Cloud account with the necessary permissions, you can log in to work with Terraform as I instructed in the previous article. However, if for some reason you can't log in, or if you need a better authentication method, you can create a Service Account to use.

In simple terms, a Google Cloud account is allowed to create Service Accounts. Each Service Account is assigned roles, and each role has corresponding permissions allowing the Service Account to perform specific tasks based on permissions.

To create a Service Account, use the following command:

gcloud iam service-accounts create {service account username} \
    --display-name={account display name} \
    --project={project id}
Enter fullscreen mode Exit fullscreen mode

Next, create a JSON-formatted key file:

# gcloud iam service-accounts keys create {directory to json file} \
#     --iam-account={service account username}@{project id}.iam.gserviceaccount.com \
#     --project={project id}

# ex:
gcloud iam service-accounts keys create ./service-account.json \
    --iam-account={service account username}@{project id}.iam.gserviceaccount.com \
    --project={project id}
Enter fullscreen mode Exit fullscreen mode

After executing this command, a file named service-account.json will be created for us to use in the Terraform project.

Setting up roles for the Service Account

gcloud projects add-iam-policy-binding {project id} \
    --member=serviceAccount:{service account username}@{project id}.iam.gserviceaccount.com \
    --role=roles/{role}
Enter fullscreen mode Exit fullscreen mode

Here, to have management rights in Compute Engine, you need to set the role to --role=roles/compute.admin.

Creating a Terraform Project

First, create a file named provider.tf to define the cloud provider and information about credentials.

terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "5.18.0"
    }
  }
}

provider "google" {
  credentials = file("${path.module}/service-account.json")
  project = var.projectId
  region  = var.region
}
Enter fullscreen mode Exit fullscreen mode

Here, use the service-account.json file created from the Service Account initialization step.

Next, create the variables.tf file.

variable "projectId" {
  type    = string
}

variable "region" {
  type        = string
  description = "Region"
}

variable "zone" {
  type        = string
  description = "Zone"
}

variable "computeInstanceName" {
  type        = string
  description = "Compute Instance Name"
}

variable "machineType" {
  type        = string
  description = "Machine Type"
}
Enter fullscreen mode Exit fullscreen mode

Create the terraform.tfvars file to define default values. You can modify the values according to your needs.

projectId = "project id"

region   = "asia-southeast1"
zone     = "asia-southeast1-a"

computeInstanceName = "compute-instance-name"
machineType         = "e2-micro"
Enter fullscreen mode Exit fullscreen mode

Finally, create the main.tf file to initialize the compute instance as follows:

resource "google_compute_instance" "default" {
  name         = var.computeInstanceName
  machine_type = var.machineType
  zone         = var.zone

  tags = ["http-server", "https-server"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-10"
    }
  }

  network_interface {
    network = "default"
  }
}
Enter fullscreen mode Exit fullscreen mode

Execute the Terraform command

Then, execute the following commands one by one to apply the configuration to Google Cloud.

# This command initializes a working directory containing Terraform configuration files

# This command initializes a working directory containing Terraform configuration files
terraform init

# This command executes the actions proposed in a Terraform plan
terraform apply
Enter fullscreen mode Exit fullscreen mode

Once you see the result as follows, the VM instance has been successfully initialized:

Terraform apply resource

SSH Connection

I will guide you through two simple ways to connect via SSH:

1. Using Cloud Shell:

On the Google Cloud web page UI, simply click on the SSH icon to connect.

Google Compute Engine

2. Using the gcloud terminal:

Another way to directly connect via SSH from your local machine is by using the following gcloud command:

gcloud compute ssh {compute instance name} --zone={zone}
Enter fullscreen mode Exit fullscreen mode

If you want to view a list of existing compute instances, use the following command:

Google Compute Instance List

If you found value in this post, show your appreciation by sharing and commenting!


If you found this content helpful, please visit the original article on my blog to support the author and explore more interesting content.

BlogspotDev.toFacebookX

Top comments (0)