Deploy your foundation using Terraform downloaded from the console



The Cloud foundation setup guide in the Google Cloud console allows enterprise administrators to configure an enterprise-ready Google Cloud foundation via a guided interface and deploy it directly from the console or download it as Terraform. Administrators can configure an organization entity, users & groups; link or set up a billing account; and configure resource (folders & projects) hierarchy, IAM policies, initial networking, and centralized logging and monitoring.

When customers download their configuration as Terraform, the console generates a Terraform file for later deployment. This tutorial provides instructions for deploying the exported Terraform configuration so that it works with any prior infrastructure.


Review Best practices for using Terraform, which includes guidelines for effective development with Terraform across team members and workstreams.

Deploy Terraform with Google Cloud Shell

Cloud Shell comes with Terraform pre-installed and pre-authenticated, so you can get started quickly.

  1. From the in-console setup guide, click Download as Terraform and save the configuration.
  2. Open the Cloud Shell.
  3. In Cloud Shell, create a directory and navigate to it:
    mkdir cloud-foundation-example && cd cloud-foundation-example
  4. Upload the Terraform configuration that you downloaded in Step 1.
    1. From the Cloud Shell three-dotted More menu, select Upload and then click Choose Files to select the Terraform configuration. Set the destination directory to the folder that you created in step 2, and then click Upload.
  5. Ensure that you’re in the “cloud-foundation-example” directory.
  6. Create a Cloud Storage bucket to store Terraform remote state. Remote state lets Terraform use an object store such as Cloud Storage to hold state information about your Terraform-managed infrastructure. This configuration provides benefits like team delegation and state locking.
    1. To create the Cloud Storage bucket, run the following command:
      gsutil mb gs://tf-state-$PROJECT_ID
  7. Define a Terraform backend configuration within a file and replace PROJECT_ID to match the project ID that you used in step 6. For more details, review storing Terraform state in Cloud Storage.
    terraform {
      backend "gcs" {
        bucket  = "tf-state-PROJECT_ID"
        prefix  = "terraform/state"
      }
    }
  8. Run terraform init. This process initializes your working directory that contains the Terraform configuration files and the backend.
  9. Perform a test run with terraform plan to preview the changes that Terraform would make and to validate your Terraform code. Example output:
    Plan: 6 to add, 0 to change, 0 to destroy.
    Note: You didn't use the -out option to save this plan, so Terraform can't
    guarantee to take exactly these actions if you run "terraform apply" now.
  10. Apply the configuration by running terraform apply, which deploys your resources to GCP. When prompted, enter yes.
  11. Navigate the UI to verify that your resources are now deployed on your account/project.
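
Steps 6 through 9 above as a single script, added here as an example that is not part of the original guide: it validates the project ID before using it in the bucket name, creates the state bucket with uniform bucket-level access, public access prevention and object versioning, and saves the plan with -out so that the apply step runs exactly what was reviewed. The function names, the project ID format check, the bucket hardening flags and the foundation.tfplan file name are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the guide): steps 6-9 with a hardened state bucket.
# Terraform state can hold sensitive values, so the bucket is locked down.
set -eu

# Print the bucket name the guide uses (tf-state-PROJECT_ID).
# Assumption: standard project ID rules (6-30 chars, lowercase letters,
# digits, hyphens, starts with a letter, does not end with a hyphen).
state_bucket_name() {
  case "$1" in *[!a-z0-9-]*) return 1 ;; esac   # also rejects quotes/newlines
  printf '%s' "$1" | grep -Eq '^[a-z][a-z0-9-]{4,28}[a-z0-9]$' || return 1
  printf 'tf-state-%s\n' "$1"
}

# Write the backend block from step 7. Usage: write_backend PROJECT_ID [FILE]
write_backend() {
  local bucket
  bucket="$(state_bucket_name "$1")" || { echo "invalid project ID: $1" >&2; return 1; }
  cat > "${2:-backend.tf}" <<EOF
terraform {
  backend "gcs" {
    bucket = "${bucket}"
    prefix = "terraform/state"
  }
}
EOF
}

# Create the bucket from step 6 with hardening (assumed additions).
create_state_bucket() {
  local bucket
  bucket="$(state_bucket_name "$1")" || return 1
  # -b on: uniform bucket-level access; --pap enforced: no public access
  gsutil mb -p "$1" -b on --pap enforced "gs://${bucket}"
  # Keep prior state versions so a bad or corrupted write can be rolled back
  gsutil versioning set on "gs://${bucket}"
}

# Runs only when a project ID is passed: ./deploy.sh my-project-id
if [ "$#" -ge 1 ]; then
  create_state_bucket "$1"
  write_backend "$1"
  terraform init
  terraform plan -out=foundation.tfplan   # saved plan, see the note in step 9
fi
```

After reviewing the plan output, run terraform apply foundation.tfplan to apply the saved plan.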

Managing Infrastructure as Code with Terraform, Cloud Build, & GitOps

We recommend following this tutorial for complete instructions. This option is for platform admins and operators who are looking for a strategy to predictably and repeatedly make changes to infrastructure. The guide assumes you are familiar with Google Cloud, Linux, and GitHub. The high-level steps of this option are as follows:

  1. Set up your GitHub repository.
  2. Configure Terraform to store state in a Cloud Storage bucket.
  3. Grant permissions to your Cloud Build service account.
  4. Connect Cloud Build to your GitHub repository.
  5. Change your environment configuration in a feature branch.
  6. Promote changes to the development environment.
  7. Promote changes to the production environment.