IAAC || Terraform || GCP-Bucket

If you are landing here directly, you are requested to first read through this blog. Here in this part, we shall be looking majorly through following concepts :-

  • Setting up our own GCP account.

Question:- Demonstrate setting up of GCS Account ?

Step #1.) Login to GCP console account :-

Step #2.) Fill-in the Account Information :-

Step #3.) Fill-in the Identity Verification and Contact Information :-

Step #4.) Fill-in the Payment Information :-

Step #5.) And the account shall be setup within some few hours :-

Question:- Demonstrate setting up a Project & Service-Account into the GCS Account ?

Step #1.) Login to GCP console account and create a new project :-

Step #2.) Next, let’s create a new service-account, which shall be used by the services :-

Step #3.) Here are the configuration details of the service-account :-

Step #4.) As of now, we are not allowing any role to the account :-

Step #5.) Hit DONE button and we are done :-

Question:- Demonstrate setting up gCloud CLI at our local system ?

Step #1.) Depending upon whichever system you are working with, download the binaries for the same.

Step #2.) In our case, we are working on MAC, so we download the package :-

Step #3.) Next, we go ahead and install the Google-Cloud-SDK :-

Step #4.) Next, we would need to initialise the gCloud CLI :-

Step #5.) Now, we would perform authentication with our account :-

And here is the confirmation, it would show to us @ the browser as well :-

Question:- Can you introduce, if there is any storage solution provided by Google ?

Answer:- GCP provides full-fledged storage solution :-

Question:- Demonstrate the process of creating bucket manually ?

Step # 1.) Log into the GCP console and start with following configuration :-

Step # 2.) Choose the location type out of following options :-

  • Multi-Region.

Step # 3.) Choose the storage class for our data :-

  • Standard

Step # 4.) Choose the access-control for our objects :-

  • Uniform

Step # 5.) We can also choose from some other options :-

  • Encryption.

Step # 6.) Finally, we can go ahead and create the bucket :-

Question:- Demonstrate the process of creating an GCP-bucket with the help of Terraform now ?

Step #1.) Here is the terraform script that we shall be using, in order to create the bucket at GCP :-

  • Here, we are using the google as provider. This is a plugin just like, we had been using the local & random plugins.

Step #2.) Let’s execute the script :- terraform init

Step #3.) Let’s now see the plan :- terraform plan

Step #4.) Let’s now see the plan :- terraform apply

Step #5.) Let’s verify that, whether bucket got created into out GCP account :-

Question:- What are the other possible arguments that are supported with “google_storage_bucket” resource ?

Answer :- Following are the arguments :-

  • location

Question:- Demonstrate process of creating an GCP-bucket with the help of Terraform through CloudShell ?

Step #1.) Let’s first open the cloud-shell and start preparing for the workspace :-

Step #2.) Let’s check, what is the current version of Terraform :-

Step #3.) Here is the terraform script that we shall be using, in order to create the bucket at GCP. Note that, we have changed the name of bucket now :-

Step #4.) First step is to execute init : terraform init

Step #5.) Next step is to execute init : terraform plan. As soon as we execute this plan, we shall be asked to authorise to cloud-shell :-

Finally, we have plan for terraform published now :-

Step #6.) Next step is to execute init : terraform apply. As soon as we execute this command, resource shall be created into the GCP account :-

Step #7.) Let’s now verify that, whether bucket got created :-

Question:- Demonstrate process of creating an GCP-bucket with the help of Service Account ?

Step #1.) In this step, we are going to use the earlier service account, which we created. In order for us to authenticate, we need to generate some key. Using this key, only we can authenticate ourselves with the GCP account.

Step #2.) We need to provide one credential here. So, let’s first create a key here :-

It shall then ask us, which type of key, we wish to generate. We would go ahead with JSON in this step :-

Finally, the key is downloaded with us. We would rename this file and new file name is: “terraform-keys.json” :-

Here, is how our file looks like :- This key contains the private key, through this only we are going to authenticate from this service-account to the Google Cloud platform.

Step #3.) Let’s now write our terraform-script, through the help of which, we shall be creating the google storage bucket in GCP cloud :-

Step #4.) Let’s now execute the command : “terraform init” :-

Step #5.) Let’s now execute the command : “terraform plan” :-

Step #6.) Let’s now execute the command : “terraform apply” :-

  • We can see from above screenshot that, this didn’t worked at all and the reason for the same is because our service-account doesn’t have relevant access to the Google Cloud Project.

Step #7.) Let’s just go ahead with our Google Cloud console and let’s provide the required access/role to our service-account :-

We have allocated the role of “Storage Admin” to our principal :-

Step #8.) Now, we go ahead and again execute the command : “terraform apply” :-

Step #9.) We can now verify that, our required GCP bucket has been well created into the Google Storage :-

That’s how, we have successfully authenticated to GCP-account, via our terraform script.

Question:- What shall happen, in case we want to modify some properties of the bucket ?

Step #1.) We first segregate the provider related properties. This is purely an optional step :-

Step #2.) We can supply some additional parameters now :-

Step #3.) We can now execute the command : “terraform apply” and observe the changes by logging into the GCP bucket :-

Step #4.) Here, we have also uploaded the file, which we can see :-

Question:- Let’s add some lifecycle-rule to this GCS bucket through Cloud console itself ?

Step #1.) We first navigate to the LIFECYCLE tab of this GCS-Bucket :-

Step #2.) We now select an action here :- We first set the Storage Class to Archive mode :-

Step #3.) We now select an Object-Condition here :- We set the Age Condition to be 15 days :-

Step #4.) And finally we are done. For this particular policy, it means that, as soon as object was being uploaded for more than 15 days at GCP-Bucket, the object would be archived.

Question:- Let’s add this sort of lifecycle-rule to this GCS bucket through Terraform now ?

Step #1.) We first navigate to our IDE, where we can set the properties as below :- Note that, in this case, we have set an different lifecycle rule i.e. if age is more than 7 days, then storage-class shall be changed to ColdLine :-

Step #2.) Let’s execute the “terraform plan” condition now and see the change :-

Step #3.) Let’s execute the “terraform apply” command and see the action in change :-

Step #4.) Let’s see the rules now, the same are being reflected in the GCS console as well :-

Question:- Let’s add the Retention-Policy now for the GCS-Bucket ?

Step #1.) We first understand what’s an Retention Policy :- It prevents the deletion or modification of the bucket’s objects for a specified minimum period of time after they are being uploaded.

Step #2.) Let’s head to our code-base and code the following configuration :-

Step #3.) Let’s now execute the “terraform apply” command :-

Step #4.) Let’s see the changes, whether the same are being reflected on the GCS bucket :-

That’s all in this section. If you liked reading this blog, kindly do press on clap button multiple times, to indicate your appreciation. We would see you in next part of this series with HashiCorp Terraform.

References :-

--

--

Software Engineer for Big Data distributed systems

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store