How To Authenticate GCP Cloud Infra using Service Account with IAC Terraform


Srinivasulu Paranduru

Posted on November 26, 2024


Authenticating your Google Cloud infrastructure in Terraform using service accounts

Step 1: How to create a service account to authenticate to Google Cloud
Log in to the Google Cloud console, search for IAM, then click Service Accounts in the left-hand menu and create a new service account as follows.

Step 1.1:


Step 1.2: Enter the service account name; the service account ID is populated automatically. Then click Create and Continue.


Step 1.3:

Select Owner as the role.


Step 1.4: Keep the values as they are and click Continue.


Step 1.5: Select the service account created


Step 1.6: Click on Keys


Step 1.7: Create a new key


Step 1.8:


Step 1.9: A JSON file with the key information is downloaded; save it where you need it.


Step 1.10: The final message after the key is saved to your system


Step 2: Provision Google Cloud Storage

List of files in my IaC code

GCP_Infra (folder name)

  • storage.tf
  • provider.tf
  • svc.json [the key file downloaded in Step 1.9, renamed]
  • variable.tf

Step 2.1: provider.tf file code snippet

terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "6.12.0"
    }
  }
}

provider "google" {
  # Configuration options
  project     = "Project_ID"    # replace with your own project ID
  region      = "us-central1"
  zone        = "us-central1-c"
  credentials = "svc.json"      # service account key file from Step 1.9
}


Note: Replace Project_ID with the project ID shown in the Google Cloud console.
Update region and zone to suit your project.
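
A check for the layout above, where svc.json sits beside the .tf files: it finds service account key files in the folder and reports whether each is covered by .gitignore and whether anyone other than its owner can access it. This is an added example, not code from the original post; the .gitignore matching is simplified, and the key contents, account name and the `find_sa_keys` and `demo` names are constructed for illustration.

```python
import fnmatch
import json
import tempfile
from pathlib import Path


def find_sa_keys(root):
    """Report every service account key file under root (e.g. GCP_Infra)."""
    root = Path(root)
    gitignore = root / ".gitignore"
    lines = gitignore.read_text().splitlines() if gitignore.exists() else []
    # Simplified matching: plain glob patterns only, no negation or directory rules.
    patterns = [p.strip() for p in lines if p.strip() and not p.startswith("#")]
    findings = []
    for path in sorted(root.rglob("*.json")):
        rel = path.relative_to(root)
        if ".git" in rel.parts or ".terraform" in rel.parts:
            continue  # skip VCS metadata and the provider cache
        try:
            doc = json.loads(path.read_text())
        except (OSError, ValueError):
            continue  # unreadable or not JSON, so not a key file
        if not isinstance(doc, dict) or doc.get("type") != "service_account":
            continue
        targets = (rel.as_posix(), path.name)
        findings.append({
            "path": rel.as_posix(),
            "account": doc.get("client_email"),
            "git_ignored": any(fnmatch.fnmatch(t, p) for p in patterns for t in targets),
            "group_or_world_access": bool(path.stat().st_mode & 0o077),
        })
    return findings


def demo():
    """Scan a constructed folder before and after the two fixes."""
    key = {"type": "service_account", "private_key": "CONSTRUCTED-NOT-A-REAL-KEY",
           "client_email": "terraform@example-project.iam.gserviceaccount.com"}
    with tempfile.TemporaryDirectory() as root:
        path = Path(root, "svc.json")
        path.write_text(json.dumps(key))
        path.chmod(0o644)  # typical mode of a freshly downloaded file
        before = find_sa_keys(root)
        Path(root, ".gitignore").write_text("svc.json\n*.tfstate\n")
        path.chmod(0o600)  # owner read/write only
        return before, find_sa_keys(root)


if __name__ == "__main__":
    print(demo())
```

Run `find_sa_keys("GCP_Infra")` before committing; any finding with `git_ignored` false is a key that would end up in the repository.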

Step 2.2: storage.tf file code snippet

resource "google_storage_bucket" "my_bucket" {
  name          = "srinivas-letterkenny-ireland"
  location      = "US"
  force_destroy = true

  lifecycle_rule {
    action {
      type = "Delete"
    }

    condition {
      age = 30
    }
  }
}


Step 2.3: variable.tf file code snippet

variable "gcp_project" {
  type    = string
}

variable "gcp_region" {
  type    = string
  default = "US"
}

variable "gcp_svc_key" {
  type    = string
  default = "svc.json"
}

Step 3: Provision a Google Cloud VM

List of files in my IaC code

GCP_Infra (folder name)

  • vm.tf
  • provider.tf
  • svc.json [the key file downloaded in Step 1.9, renamed]
  • variable.tf

Step 3.1: vm.tf file code snippet

resource "google_compute_instance" "vm_instance" {
  name         = "terraform-instance"
  machine_type = "e2-micro"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  network_interface {
    # A default network is created for all GCP projects
    network = "default"
    access_config {
    }
  }
}

Note: provider.tf, svc.json and variable.tf can be copied from the storage example in Step 2.

Other ways to authenticate to GCP


Conclusion: This post showed how to authenticate GCP cloud infrastructure using a service account with Terraform, and shared Terraform code for Google Cloud Storage and a VM.