Issue a certificate using Terraform
Learn how to use Terraform with Certificate Authority Service to do the following:
- Create a certificate authority (CA) pool.
- Create a CA in the new CA pool.
- Generate a new Certificate Signing Request (CSR).
- Use the generated CSR to request a certificate from the new CA pool.
Terraform is open-source software that lets you create and manage your CA Service resources using its infrastructure-as-code paradigm. This quickstart uses the Google Cloud provider for Terraform.
Before you begin
Make sure that you have the CA Service Admin (roles/privateca.admin) IAM role. If you don't have this IAM role, read Grant a single role for information about granting this role.
Create a Google Cloud project
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
- In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
- Make sure that billing is enabled for your Google Cloud project.
- Enable the CA Service API.
Install the Google Cloud CLI
If you haven't already, install the Google Cloud CLI. When prompted, choose the project that you selected or created earlier.
If you already have the Google Cloud CLI installed, update it by running the gcloud components update command:
gcloud components update
Terraform configuration sample
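An added example (not Google's published sample) of a main.tf that covers the four steps listed at the top of this page: a CA pool, a self-signed root CA in that pool, a generated key and CSR, and a certificate issued from the CSR. It assumes the hashicorp/google and hashicorp/tls providers, takes the project from GOOGLE_CLOUD_PROJECT, and uses placeholder resource names, location and subjects.

```hcl
# Added example: placeholder names, location and subjects; the CA type defaults to SELF_SIGNED.
resource "google_privateca_ca_pool" "pool" {
  name     = "example-ca-pool"
  location = "us-central1"
  tier     = "ENTERPRISE"
}

resource "google_privateca_certificate_authority" "ca" {
  pool                     = google_privateca_ca_pool.pool.name
  certificate_authority_id = "example-root-ca"
  location                 = google_privateca_ca_pool.pool.location
  config {
    subject_config {
      subject {
        organization = "Example Org"
        common_name  = "example-root-ca"
      }
    }
    x509_config {
      ca_options { is_ca = true }
      key_usage {
        base_key_usage {
          cert_sign = true
          crl_sign  = true
        }
        extended_key_usage {}
      }
    }
  }
  key_spec { algorithm = "RSA_PKCS1_4096_SHA256" }
  # Quickstart only: these three settings let `terraform destroy` remove the CA right away.
  deletion_protection                    = false
  skip_grace_period                      = true
  ignore_active_certificates_on_deletion = true
}

resource "tls_private_key" "leaf" { algorithm = "RSA" } # stored unencrypted in Terraform state
resource "tls_cert_request" "leaf" {
  private_key_pem = tls_private_key.leaf.private_key_pem
  subject { common_name = "example.com" }
}

resource "google_privateca_certificate" "leaf" {
  pool                  = google_privateca_ca_pool.pool.name
  certificate_authority = google_privateca_certificate_authority.ca.certificate_authority_id
  location              = google_privateca_ca_pool.pool.location
  name                  = "example-leaf-cert"
  lifetime              = "86400s"
  pem_csr               = tls_cert_request.leaf.cert_request_pem
}
```

Because the leaf private key ends up in the state file, restrict who can read that state. For anything beyond evaluation, generate the key where it will be used and pass only the CSR to pem_csr.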
Run the Terraform configuration file
To apply your Terraform configuration in a Google Cloud project, complete the steps in the following sections.
Prepare Cloud Shell
- Launch Cloud Shell.
- Set the default Google Cloud project where you want to apply your Terraform configurations. You only need to run this command once per project, and you can run it in any directory.
export GOOGLE_CLOUD_PROJECT=PROJECT_ID
Environment variables are overridden if you set explicit values in the Terraform configuration file.
Prepare the directory
Each Terraform configuration file must have its own directory (also called a root module).
- In Cloud Shell, create a directory and a new file within that directory. The filename must have the .tf extension, for example main.tf. In this tutorial, the file is referred to as main.tf.
mkdir DIRECTORY && cd DIRECTORY && touch main.tf
- If you are following a tutorial, you can copy the sample code in each section or step. Copy the sample code into the newly created main.tf. Optionally, copy the code from GitHub. This is recommended when the Terraform snippet is part of an end-to-end solution.
- Review and modify the sample parameters to apply to your environment.
- Save your changes.
- Initialize Terraform. You only need to do this once per directory.
terraform init
Optionally, to use the latest Google provider version, include the -upgrade option:
terraform init -upgrade
Apply the changes
- Review the configuration and verify that the resources that Terraform is going to create or update match your expectations:
terraform plan
Make corrections to the configuration as necessary.
- Apply the Terraform configuration by running the following command and entering yes at the prompt:
terraform apply
Wait until Terraform displays the "Apply complete!" message.
- Open your Google Cloud project to view the results. In the Google Cloud console, navigate to your resources in the UI to make sure that Terraform has created or updated them.
Clean up
To avoid incurring charges to your Google Cloud account for the resources used in this quickstart, delete your CA pool and all the resources defined in the Terraform configuration file:
terraform destroy
When prompted, enter yes.
If you created a new project for this quickstart and you no longer need it, then delete the project.
What's next
- Learn more about running gcloud commands with Cloud Shell.
- Learn more about using Terraform with Google Cloud.
- Learn more about using Terraform with CA Service.
- Read the Terraform documentation about CA Service support.
- Get started with the Google Cloud Provider.