Provision Compute Engine resources with Terraform

HashiCorp Terraform is an infrastructure-as-code (IaC) tool that lets you provision and manage cloud infrastructure. Terraform provides plugins called providers that let you interact with cloud providers and other APIs. You can use the Terraform provider for Google Cloud to provision and manage Google Cloud resources, including Compute Engine.

How Terraform works

Terraform has a declarative and configuration-oriented syntax, which you can use to describe the infrastructure that you want to provision in your Google Cloud project. After you author this configuration in one or more Terraform configuration files, you can use the Terraform CLI to apply this configuration to your Compute Engine resources.

The following steps explain how Terraform works:

1. You describe the infrastructure you want to provision in a Terraform configuration file. You don't need to write code describing how to provision the infrastructure. Terraform provisions the infrastructure for you.
2. You run the terraform plan command, which evaluates your configuration and generates an execution plan. You can review the plan and make changes as needed.

3. You run the terraform apply command, which performs the following actions:

   1. It provisions your infrastructure based on your execution plan by invoking the corresponding Compute Engine APIs in the background.
   2. It creates a Terraform state file, which is a JSON file that maps the resources in your configuration file to the resources in the real-world infrastructure. Terraform uses this file to keep a record of the most recent state of your infrastructure, and to determine when to create, update, and destroy resources.

   3. When you run terraform apply, Terraform uses the mapping in the state file to compare the existing infrastructure to the code, and make updates as necessary:

      • If a resource object is defined in the configuration file, but doesn't exist in the state file, Terraform creates it.
      • If a resource object exists in the state file, but has a different configuration from your configuration file, Terraform updates the resource to match your configuration file.
      • If a resource object in the state file matches your configuration file, Terraform leaves the resource unchanged.

Terraform-based guides for Compute Engine

The following table lists all Terraform-based how-to guides and tutorials for Compute Engine:

Guide	Details
Create and start a Compute Engine instance	Explains how to create a virtual machine (VM) instance.
Create a VM with Local SSD disks	Explains how you can create a VM with Local SSD disk storage.
Create disk snapshots	Explains how to create standard snapshots to periodically back up data from disks.
Duplicate a disk with clones	Explains how to create zonal disk clones of an existing disk.
Create and manage synchronously replicated disks	Explains how to create and manage replicated disks.
Create and use Spot VMs	Explains how to create and manage Spot VMs. Spot VMs are VM instances that are excess Compute Engine capacity. Spot VMs are available at much lower prices compared to the on-demand price for standard VMs
Add SSH keys to VMs	Describes how to add SSH keys to VM instances that use OS Login and VMs that use metadata-based SSH keys.
Running shutdown scripts	Explains how to create and run shutdown scripts that execute commands right before a VM instance is stopped or restarted.
Create a reservation for a single project	Explains how to create a single-project reservation, which can be consumed only by VM instances in the same project.
Create instance templates	Describes how to create and manage instance templates.
Scaling based on schedules	Describes how you can create scaling schedules for an existing MIG. Schedule-based autoscaling lets you improve the availability of your workloads by scheduling capacity ahead of anticipated load.
Add Persistent Disk storage to your VM	Explains how to create a blank, non-boot zonal Persistent Disk volume and attach it to your VM.
Set up OS Login	Describes how to set up OS Login.
Attach a non-boot disk to a VM	Explains how to attach a non-boot zonal disk to your VM.
Create a VM that uses a user-managed service account	Explains how to create a VM instance that is configured to use a user-managed service account. A service account is a special kind of account typically used by an application or compute workload to make authorized API calls.
Increase the size of a persistent disk	Explains how to increase the size of a persistent disk.
Enable virtual displays on a VM	Describes how to enable virtual displays on a VM instance.
Create a MIG in a single zone	Describes how to create a managed instance group (MIG) in a single zone. Putting all your MIG's VMs in a single zone helps to minimize latency, which is useful for certain workloads—for example, batch workloads.
Create a VM instance with a custom hostname	Explains how to create a VM instance with a custom hostname.
Set up an application-based health check and autohealing	Describes how to set up an application-based health check to autoheal VMs in a MIG.
Create a MIG that uses preemptible VMs	Describes how to create a MIG that uses preemptible VM instances. Preemptible VMs are useful if your workload can tolerate disruptions and you want to take advantage of the cost-savings associated with preemptible VMs.
Add and remove VMs from a MIG	Describes how to add and remove VMs from a MIG.
Create a MIG with autoscaling enabled	Describes how to create an autoscaled MIG that automatically adds and removes VMs based on average CPU utilization across the group.
Create a MIG with stateful disks	Describes how to create a MIG that uses preemptible VM instances. Preemptible VMs are useful if your workload can tolerate disruptions and you want to take advantage of the cost-savings associated with preemptible VMs.
Creating SQL Server VM instances	Explains how to create Microsoft SQL Server VM instances. SQL Server is a database system that runs on Windows Server and some Linux distributions. You can use SQL Server on Compute Engine as part of the backend for your applications, as a flexible development and test environment, or in addition to your on-premises systems for backup and disaster recovery.
Create an OS policy assignment	Explains how to create an OS policy assignment. You can use OS policies to maintain consistent software configurations across Linux and Windows VM instances.
Configuring stateful metadata in MIGs	Describes how to configure stateful metadata in MIGs. Instance metadata is useful for setting properties for and communicating with your applications through the metadata server.
Configuring stateful persistent disks in MIGs	Explains how to configure stateful persistent disks in MIGs. Configuring persistent disks to be stateful lets you benefit from VM instance autohealing and automated updates while preserving the state of the disks.
Configuring stateful IP addresses in MIGs	Describes how to configure stateful IP addresses in MIGs. By configuring stateful IP addresses in a MIG, you ensure that IP addresses are preserved when VM instances in the group are autohealed, updated, and recreated.
Set a target distribution shape for VMs in a regional MIG	Explains how to set a target distribution shape for VMs.
Create a MIG with VMs in multiple zones in a region	Describes how to create a MIG that has its VMs spread across multiple zones in a region. Spreading your application load across multiple zones protects your workload against zonal failures.
Disable and re-enable proactive VM redistribution in a regional MIG	Describes how to disable and re-enable proactive VM redistribution in a regional MIG. In a regional MIG, to maintain an even number of VM instances across the selected zones in the region, use proactive instance redistribution. This configuration option maximizes the availability of your application in the event of a zone-level failure.

Terraform modules and blueprints for Compute Engine

Modules and blueprints help you automate provisioning and managing of Google Cloud resources at scale. A module is a reusable set of Terraform configuration files that creates a logical abstraction of Terraform resources. A blueprint is a package of deployable and reusable modules, and a policy that implements and documents a specific solution.

The following table lists all modules and blueprints related to Compute Engine:

Module or blueprint	Details
terraform-google-vm	Collection of opinionated submodules that you can use as building blocks to provision VMs in Google Cloud.
terraform-google-startup-scripts	Provides a library of useful startup scripts to embed in VMs.
terraform-google-container-vm	Deploys containers on Compute Engine instances

Terraform resources for Compute Engine

Resources are the fundamental elements in the Terraform language. Each resource block describes one or more infrastructure objects, such as virtual networks or compute instances.

The following table lists the Terraform resources available for Compute Engine:

Terraform resources

Data sources

google_compute_address google_compute_attached_disk google_compute_autoscaler google_compute_backend_bucket google_compute_backend_bucket_iam google_compute_backend_bucket_signed_url_key google_compute_backend_service google_compute_backend_service_iam google_compute_backend_service_signed_url_key google_compute_disk google_compute_disk_async_replication google_compute_disk_iam google_compute_disk_resource_policy_attachment google_compute_external_vpn_gateway google_compute_firewall google_compute_firewall_policy google_compute_firewall_policy_association google_compute_firewall_policy_rule google_compute_forwarding_rule google_compute_global_address google_compute_global_forwarding_rule google_compute_global_network_endpoint google_compute_global_network_endpoint_group google_compute_ha_vpn_gateway google_compute_health_check google_compute_http_health_check google_compute_https_health_check google_compute_image google_compute_image_iam google_compute_instance google_compute_instance_from_machine_image google_compute_instance_from_template google_compute_instance_group google_compute_instance_group_manager google_compute_instance_group_membership google_compute_instance_group_named_port google_compute_instance_iam google_compute_instance_settings google_compute_instance_template google_compute_interconnect google_compute_interconnect_attachment google_compute_machine_image google_compute_machine_image_iam google_compute_managed_ssl_certificate google_compute_network google_compute_network_attachment google_compute_network_edge_security_service google_compute_network_endpoint google_compute_network_endpoint_group google_compute_network_endpoints google_compute_network_firewall_policy google_compute_network_firewall_policy_association google_compute_network_firewall_policy_rule google_compute_network_peering google_compute_network_peering_routes_config google_compute_node_group google_compute_node_template google_compute_organization_security_policy google_compute_organization_security_policy_association google_compute_organization_security_policy_rule google_compute_packet_mirroring google_compute_per_instance_config google_compute_project_cloud_armor_tier google_compute_project_default_network_tier google_compute_project_metadata google_compute_project_metadata_item google_compute_public_advertised_prefix google_compute_public_delegated_prefix google_compute_region_autoscaler google_compute_region_backend_service google_compute_region_backend_service_iam google_compute_region_commitment google_compute_region_disk google_compute_region_disk_iam google_compute_region_disk_resource_policy_attachment google_compute_region_health_check google_compute_region_instance_group_manager google_compute_region_instance_template google_compute_region_network_endpoint google_compute_region_network_endpoint_group google_compute_region_network_firewall_policy google_compute_region_network_firewall_policy_association google_compute_region_network_firewall_policy_rule google_compute_region_per_instance_config google_compute_region_security_policy google_compute_region_security_policy_rule google_compute_region_ssl_certificate google_compute_region_ssl_policy google_compute_region_target_http_proxy google_compute_region_target_https_proxy google_compute_region_target_tcp_proxy google_compute_region_url_map google_compute_reservation google_compute_resource_policy google_compute_route google_compute_router google_compute_router_interface google_compute_router_nat google_compute_router_peer google_compute_security_policy google_compute_security_policy_rule google_compute_service_attachment google_compute_shared_vpc_host_project google_compute_shared_vpc_service_project google_compute_snapshot google_compute_snapshot_iam google_compute_ssl_certificate google_compute_ssl_policy google_compute_subnetwork google_compute_subnetwork_iam google_compute_target_grpc_proxy google_compute_target_http_proxy google_compute_target_https_proxy google_compute_target_instance google_compute_target_pool google_compute_target_ssl_proxy google_compute_target_tcp_proxy google_compute_url_map google_compute_vpn_gateway google_compute_vpn_tunnel google_usage_export_bucket

google_compute_address google_compute_addresses google_compute_backend_bucket google_compute_backend_bucket_iam_policy google_compute_backend_service google_compute_backend_service_iam_policy google_compute_default_service_account google_compute_disk google_compute_disk_iam_policy google_compute_forwarding_rule google_compute_forwarding_rules google_compute_global_address google_compute_global_forwarding_rule google_compute_ha_vpn_gateway google_compute_health_check google_compute_image google_compute_image_iam_policy google_compute_instance google_compute_instance_group google_compute_instance_group_manager google_compute_instance_iam_policy google_compute_instance_serial_port google_compute_instance_template google_compute_lb_ip_ranges google_compute_machine_image_iam_policy google_compute_machine_types google_compute_network google_compute_network_endpoint_group google_compute_network_peering google_compute_networks google_compute_node_types google_compute_region_backend_service_iam_policy google_compute_region_disk google_compute_region_disk_iam_policy google_compute_region_instance_group google_compute_region_instance_template google_compute_region_network_endpoint_group google_compute_region_ssl_certificate google_compute_regions google_compute_reservation google_compute_resource_policy google_compute_router google_compute_router_nat google_compute_router_status google_compute_security_policy google_compute_snapshot google_compute_snapshot_iam_policy google_compute_ssl_certificate google_compute_ssl_policy google_compute_subnetwork google_compute_subnetwork_iam_policy google_compute_subnetworks google_compute_vpn_gateway google_compute_zones

What's next

• Terraform code samples for Compute Engine
• Terraform on Google Cloud documentation
• Google Cloud provider documentation in HashiCorp
• Infrastructure as code for Google Cloud