Deploy a VPC with Terraform

Learn how to deploy a Virtual Private Cloud (VPC) with Infrastructure Manager.

This quickstart uses a Terraform configuration stored in a public GitHub repository. The configuration defines the VPC to be provisioned.


  1. Sign in to your Google Account.

    If you don't already have one, sign up for a new account.

  2. Install the Google Cloud CLI.
  3. To initialize the gcloud CLI, run the following command:

    gcloud init
  4. Create or select a Google Cloud project.

    • Create a Google Cloud project:

      gcloud projects create PROJECT_ID

      Replace PROJECT_ID with a name for the Google Cloud project you are creating.

    • Select the Google Cloud project that you created:

      gcloud config set project PROJECT_ID

      Replace PROJECT_ID with your Google Cloud project name.

  5. Make sure that billing is enabled for your Google Cloud project.

  6. Enable the Infrastructure Manager API:

    gcloud services enable config.googleapis.com
  7. Set up authentication:

    1. Create the service account:

      gcloud iam service-accounts create SERVICE_ACCOUNT_NAME

      Replace SERVICE_ACCOUNT_NAME with a name for the service account.

    2. Grant the roles/config.agent IAM role to the service account:

      gcloud projects add-iam-policy-binding PROJECT_ID --member="serviceAccount:SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com" --role=roles/config.agent

      Replace the following:

      • SERVICE_ACCOUNT_NAME: the name of the service account
      • PROJECT_ID: the project ID where you created the service account


You have granted the permissions required to run Infra Manager, but you also need to grant the permissions specific to the resources described in the configuration you are deploying.

Grant permissions for the VPC, the resource defined in the Terraform configuration:

gcloud projects add-iam-policy-binding PROJECT_ID \
    --member=serviceAccount:SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com \

Replace the following:

  • SERVICE_ACCOUNT_NAME: the name of the service account.
  • PROJECT_ID: your project ID.



The following command fills in the four values that have no default: your project ID, the service account name, the location us-central1, and the name of the network to create, quickstart-vpc.

    gcloud infra-manager previews create projects/PROJECT_ID/locations/us-central1/previews/quickstart-preview \
        --service-account projects/PROJECT_ID/serviceAccounts/SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com \
        --git-source-repo=https://github.com/terraform-google-modules/terraform-google-network \
        --git-source-directory=modules/vpc \
        --git-source-ref=master \

After the preview is created, you can view the preview results. This quickstart skips that step; to learn more, see Exporting and viewing preview results.


Create the deployment with Infra Manager. This means Infra Manager provisions the resources defined in the Terraform configuration.

The configuration for this quickstart has four values with no default. The following command supplies them: your project ID, the service account name, the location us-central1, and the name of the network to create, quickstart-vpc.

gcloud infra-manager deployments apply projects/PROJECT_ID/locations/us-central1/deployments/quickstart-deployment \
    --service-account=projects/PROJECT_ID/serviceAccounts/SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com \
    --git-source-repo=https://github.com/terraform-google-modules/terraform-google-network \
    --git-source-directory=modules/vpc \
    --git-source-ref=master \

Creating the deployment...done

The VPC is now created and configured as described in the configuration.

View the build results in Cloud Build

To view the Cloud Build job that Infra Manager used to create the deployment, open the Build history page in the Google Cloud console:

gcloud infra-manager deployments describe projects/PROJECT_ID/locations/us-central1/deployments/quickstart-deployment

You see that the state is ACTIVE.

View details of the provisioned VPC

View the details of the provisioned VPC:

gcloud infra-manager resources list --revision=projects/PROJECT_ID/locations/us-central1/deployments/quickstart-deployment/revisions/REVISION_ID

Replace REVISION_ID with the ID of the latest revision. This ID is r-0 unless you have deployed more than once. You can find the ID of the latest revision in the deployment description from the previous section.
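The service-account grants above and the describe/revision lookup here are both things worth checking from a script rather than by eye. The following is an added example, not part of this quickstart or of Google's tooling: it audits a project IAM policy (as returned by gcloud projects get-iam-policy PROJECT_ID --format=json) for the deployment service account's required roles while flagging broad primitive roles, and reads the state and latest revision ID from gcloud infra-manager deployments describe ... --format=json. The sample JSON, project name and service account name are constructed, and the deployment field names state and latestRevision are assumed.

```python
import json

# Constructed stand-in for `gcloud projects get-iam-policy PROJECT_ID --format=json`;
# project and service account names are placeholders, not real output.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/config.agent",
         "members": ["serviceAccount:infra-sa@my-project.iam.gserviceaccount.com"]},
        {"role": "roles/editor",
         "members": ["serviceAccount:infra-sa@my-project.iam.gserviceaccount.com"]},
    ]
})

# Constructed stand-in for `gcloud infra-manager deployments describe ... --format=json`.
# The field names `state` and `latestRevision` are assumed.
SAMPLE_DEPLOYMENT = json.dumps({
    "name": "projects/my-project/locations/us-central1/deployments/quickstart-deployment",
    "state": "ACTIVE",
    "latestRevision": "projects/my-project/locations/us-central1/deployments/"
                      "quickstart-deployment/revisions/r-0",
})

# Primitive roles that are far wider than what Infra Manager needs to run a deployment.
BROAD_ROLES = {"roles/owner", "roles/editor"}


def audit_service_account(policy_json, member, required_roles):
    """Return (missing_roles, broad_roles) for one member of a project IAM policy.

    required_roles is the list the deployment needs (roles/config.agent plus the
    role for the resources in the Terraform configuration).
    """
    policy = json.loads(policy_json)
    held = {b["role"] for b in policy.get("bindings", []) if member in b.get("members", [])}
    return sorted(set(required_roles) - held), sorted(held & BROAD_ROLES)


def deployment_status(describe_json):
    """Return (state, revision_id) from a deployment describe document, for use
    as REVISION_ID in `gcloud infra-manager resources list --revision=...`."""
    d = json.loads(describe_json)
    rev = d.get("latestRevision", "")
    return d.get("state"), (rev.rsplit("/", 1)[-1] if rev else None)


if __name__ == "__main__":
    sa = "serviceAccount:infra-sa@my-project.iam.gserviceaccount.com"
    print(audit_service_account(SAMPLE_POLICY, sa, ["roles/config.agent"]))
    print(deployment_status(SAMPLE_DEPLOYMENT))
```

On a real project, pipe the gcloud JSON output into these functions; a non-empty broad_roles list means the service account used for the deployment holds more than the least privilege the quickstart grants.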

View the VPC in the console

To view the VPC in the console:

Go to the VPC networks page

You see a VPC named quickstart-vpc. This is the VPC that Infra Manager provisioned.


To avoid incurring charges to your Google Cloud account for the resources used on this page, delete the resources you no longer need.

Delete the VPC

Delete the VPC and the metadata associated with the deployment:

gcloud infra-manager deployments delete projects/PROJECT_ID/locations/us-central1/deployments/quickstart-deployment

If you deployed the solution in a new Google Cloud project and you no longer need the project, complete the following steps to delete it:

  1. In the Google Cloud console, go to the Manage resources page:

  2. In the project list, select the project that you want to delete, and then click Delete.
  3. In the dialog, type the project ID, and then click Shut down.
