IAAC || Terraform || GCP-Bucket

aditya goel
Aug 16, 2022

If you have landed here directly, please first read through this blog. In this part, we shall mainly look at the following concepts :-

  • Setting up our own GCP account.
  • Setting up GCP Project and Service-Account into GCP account.
  • Setting up gCloud CLI at our local system.
  • Introduction to GCS Bucket and Creating bucket manually.
  • Creating GCS Bucket through Terraform via local machine.
  • Creating GCS Bucket through Terraform via CloudShell.
  • Creating GCS Bucket through ServiceAccount.
  • Modifying the properties of GCS Bucket using Terraform.
  • Adding Lifecycle-Rule to the GCS Bucket through CloudConsole.
  • Adding Lifecycle-Rule to the GCS Bucket using Terraform.
  • Adding Retention-Policy to the GCS Bucket using Terraform.

Question:- Demonstrate setting up a GCP account ?

Step #1.) Login to GCP console account :-

Step #2.) Fill-in the Account Information :-

Step #3.) Fill-in the Identity Verification and Contact Information :-

Step #4.) Fill-in the Payment Information :-

Step #5.) The account shall be set up within a few hours :-

Question:- Demonstrate setting up a Project & Service-Account in the GCP account ?

Step #1.) Login to GCP console account and create a new project :-

Step #2.) Next, let’s create a new service-account, which shall be used by the services :-

Step #3.) Here are the configuration details of the service-account :-

Step #4.) As of now, we are not granting any role to the account :-

Step #5.) Hit DONE button and we are done :-

Question:- Demonstrate setting up gCloud CLI at our local system ?

Step #1.) Download the binaries for whichever system you are working with.

Step #2.) In our case, we are working on a Mac, so we download the package :-

Step #3.) Next, we go ahead and install the Google-Cloud-SDK :-

Step #4.) Next, we would need to initialise the gCloud CLI :-

Step #5.) Now, we would perform authentication with our account :-

And here is the confirmation, which is shown to us in the browser as well :-

Question:- Is there any storage solution provided by Google ?

Answer:- GCP provides a full-fledged storage solution :-

Question:- Demonstrate the process of creating bucket manually ?

Step # 1.) Log into the GCP console and start with following configuration :-

Step # 2.) Choose the location type out of following options :-

  • Multi-Region
  • Dual-Region
  • Region

Step # 3.) Choose the storage class for our data :-

  • Standard
  • Nearline
  • Coldline
  • Archive

Step # 4.) Choose the access-control for our objects :-

  • Uniform
  • Fine-Grained

Step # 5.) We can also choose from some other options :-

  • Encryption
  • Retention Policy
  • Labels

Step # 6.) Finally, we can go ahead and create the bucket :-

Question:- Demonstrate the process of creating a GCP-bucket with the help of Terraform now ?

Step #1.) Here is the terraform script that we shall be using, in order to create the bucket at GCP :-

  • Here, we are using google as the provider. This is a plugin, just like the local & random plugins that we had been using.
  • We have also specified the project name, region and zone in which we want Terraform to execute.
  • Lastly, we have supplied the details of the resource which we want to create.

Step #2.) Let’s execute the script :- terraform init

Step #3.) Let’s now see the plan :- terraform plan

Step #4.) Let’s now apply the plan :- terraform apply

Step #5.) Let’s verify whether the bucket got created in our GCP account :-

Question:- What are the other possible arguments that are supported with “google_storage_bucket” resource ?

Answer :- Following are the arguments :-

  • location
  • project
  • storage_class
  • force_destroy
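A configuration matching the steps and arguments above, as an added example rather than the original post's script. The project ID variable, region, zone and bucket name are placeholder assumptions; the two access settings at the end correspond to the "Uniform" access-control choice from the console walkthrough.

```hcl
terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
    }
  }
}

variable "project_id" {
  description = "GCP project ID (assumption: passed with -var or a tfvars file)"
  type        = string
}

# Provider block: project, region and zone in which Terraform operates.
provider "google" {
  project = var.project_id
  region  = "us-central1"   # assumed region
  zone    = "us-central1-a" # assumed zone
}

resource "google_storage_bucket" "demo" {
  # Bucket names are globally unique, so the project ID is used as a prefix.
  name          = "${var.project_id}-tf-demo" # placeholder name
  project       = var.project_id
  location      = "US"
  storage_class = "STANDARD"

  # false: "terraform destroy" refuses to delete a bucket that still has objects.
  force_destroy = false

  # Uniform access: permissions come from IAM only, not per-object ACLs.
  uniform_bucket_level_access = true
  # Objects in this bucket cannot be made public.
  public_access_prevention = "enforced"
}

output "bucket_url" {
  value = google_storage_bucket.demo.url # gs://<bucket-name>
}
```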

Question:- Demonstrate the process of creating a GCP-bucket with the help of Terraform through CloudShell ?

Step #1.) Let’s first open the cloud-shell and start preparing for the workspace :-

Step #2.) Let’s check, what is the current version of Terraform :-

Step #3.) Here is the terraform script that we shall be using, in order to create the bucket at GCP. Note that we have changed the name of the bucket now :-

Step #4.) First step is to execute init : terraform init

Step #5.) Next step is to execute plan : terraform plan. As soon as we execute this command, we shall be asked to authorise cloud-shell :-

Finally, we have the terraform plan displayed now :-

Step #6.) Next step is to execute apply : terraform apply. As soon as we execute this command, the resource shall be created in the GCP account :-

Step #7.) Let’s now verify whether the bucket got created :-

Question:- Demonstrate the process of creating a GCP-bucket with the help of Service Account ?

Step #1.) In this step, we are going to use the service account which we created earlier. In order to authenticate, we need to generate a key. Only by using this key can we authenticate ourselves with the GCP account.

Step #2.) We need to provide one credential here. So, let’s first create a key here :-

It shall then ask us which type of key we wish to generate. We would go ahead with JSON in this step :-

Finally, the key is downloaded to our machine. We rename this file, and the new file name is: “terraform-keys.json” :-

Here is how our file looks :- This file contains the private key, and it is only through this key that we authenticate from this service-account to the Google Cloud platform.

Step #3.) Let’s now write our terraform-script, with the help of which we shall be creating the google storage bucket in GCP cloud :-

Step #4.) Let’s now execute the command : “terraform init” :-

Step #5.) Let’s now execute the command : “terraform plan” :-

Step #6.) Let’s now execute the command : “terraform apply” :-

  • We can see from the above screenshot that this didn’t work at all. The reason is that our service-account doesn’t have relevant access to the Google Cloud Project.
  • It also means there is no role assigned to our service account, so next, we shall add one.

Step #7.) Let’s go to our Google Cloud console and provide the required access/role to our service-account :-

We have allocated the role of “Storage Admin” to our principal :-

Step #8.) Now, we go ahead and again execute the command : “terraform apply” :-

Step #9.) We can now verify that our required GCP bucket has been created in the Google Storage :-

That’s how we have successfully authenticated to the GCP-account via our terraform script.
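The service-account flow above expressed as one configuration, as an added example that is not the original post's script. It assumes two variables (project ID and the service account's e-mail) and that the "admin" provider alias runs with the operator's own gcloud application-default credentials; the role grant from Step #7 is written as a Terraform resource instead of a console action.

```hcl
variable "project_id" {
  type = string # assumption: your own project ID
}

variable "service_account_email" {
  type = string # assumption: e-mail of the service account created earlier
}

# Operator identity (application-default credentials from gcloud); used only
# to grant the role, i.e. Step #7 of the walkthrough done in code.
provider "google" {
  alias   = "admin"
  project = var.project_id
}

# Service-account identity, authenticated with the downloaded JSON key.
provider "google" {
  credentials = file("terraform-keys.json")
  project     = var.project_id
  region      = "us-central1" # assumed region
}

# Without this binding the bucket creation below is rejected, because a
# service account created with no role has no access to the project.
resource "google_project_iam_member" "terraform_storage_admin" {
  provider = google.admin
  project  = var.project_id
  role     = "roles/storage.admin" # "Storage Admin" in the console
  member   = "serviceAccount:${var.service_account_email}"
}

resource "google_storage_bucket" "via_service_account" {
  name                        = "${var.project_id}-sa-demo" # placeholder name
  location                    = "US"
  uniform_bucket_level_access = true

  # Create the bucket only after the role has been granted.
  depends_on = [google_project_iam_member.terraform_storage_admin]
}
```

Keep terraform-keys.json out of version control (for example with a .gitignore entry), since it holds the service account's private key.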

Question:- What shall happen, in case we want to modify some properties of the bucket ?

Step #1.) We first segregate the provider related properties. This is purely an optional step :-

Step #2.) We can supply some additional parameters now :-

Step #3.) We can now execute the command : “terraform apply” and observe the changes by logging into the GCP bucket :-

Step #4.) Here, we have also uploaded the file, which we can see :-

Question:- Let’s add some lifecycle-rule to this GCS bucket through Cloud console itself ?

Step #1.) We first navigate to the LIFECYCLE tab of this GCS-Bucket :-

Step #2.) We now select an action here :- We first set the Storage Class to Archive mode :-

Step #3.) We now select an Object-Condition here :- We set the Age Condition to be 15 days :-

Step #4.) And finally we are done. This particular policy means that, as soon as an object has been in the GCP-Bucket for more than 15 days, the object would be archived.

Question:- Let’s add this sort of lifecycle-rule to this GCS bucket through Terraform now ?

Step #1.) We first navigate to our IDE, where we can set the properties as below :- Note that, in this case, we have set a different lifecycle rule i.e. if age is more than 7 days, then storage-class shall be changed to Coldline :-

Step #2.) Let’s execute the “terraform plan” command now and see the change :-

Step #3.) Let’s execute the “terraform apply” command and see the change in action :-

Step #4.) Let’s see the rules now; the same are reflected in the GCS console as well :-

Question:- Let’s add the Retention-Policy now for the GCS-Bucket ?

Step #1.) We first understand what a Retention Policy is :- It prevents the deletion or modification of the bucket’s objects for a specified minimum period of time after they are uploaded.

Step #2.) Let’s head to our code-base and code the following configuration :-

Step #3.) Let’s now execute the “terraform apply” command :-

Step #4.) Let’s check whether the changes are reflected on the GCS bucket :-
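The lifecycle rules and the retention policy from the last two questions in one bucket resource, as an added example that is not the original post's configuration. The project ID variable, region and bucket name are placeholders, and the 7-day retention period is an assumed value since the post does not state one.

```hcl
variable "project_id" {
  type = string # assumption: your own project ID
}

provider "google" {
  project = var.project_id
  region  = "us-central1" # assumed region
}

resource "google_storage_bucket" "lifecycle_demo" {
  name                        = "${var.project_id}-lifecycle-demo" # placeholder
  location                    = "US"
  uniform_bucket_level_access = true

  # Terraform rule from the post: older than 7 days -> Coldline.
  lifecycle_rule {
    condition {
      age = 7 # days since the object was created
    }
    action {
      type          = "SetStorageClass"
      storage_class = "COLDLINE"
    }
  }

  # Console rule from the post: older than 15 days -> Archive. It is declared
  # here as well because a rule that exists only in the console is removed
  # by the next "terraform apply" on this bucket.
  lifecycle_rule {
    condition {
      age = 15
    }
    action {
      type          = "SetStorageClass"
      storage_class = "ARCHIVE"
    }
  }

  # Objects cannot be deleted or overwritten until they reach this age.
  retention_policy {
    retention_period = 604800 # seconds = 7 days (assumed value)
    is_locked        = false  # locking the policy cannot be undone
  }
}
```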

That’s all in this section. If you liked reading this blog, kindly do press on clap button multiple times, to indicate your appreciation. We would see you in next part of this series with HashiCorp Terraform.
