67 questions
5
votes
2
answers
14k
views
Terraform different backend for each project
I'm a bit of a newbie with Terraform and still working my way through the documentation, have not yet been able to find a way to accommodate the setup I need to achieve for a specific solution and ...
30
votes
3
answers
10k
views
What is the meaning of "authoritative" and "Non-authoritative" for GCP IAM bindings/members
I am trying to understand the difference between google_service_account_iam_binding and google_service_account_iam_member in the GCP terraform provider at https://www.terraform.io/docs/providers/...
7
votes
3
answers
12k
views
Terraform Google provider, create log-based alerting policy
I need to create a log-based alerting policy via Terraform Google cloud provider :
https://cloud.google.com/logging/docs/alerting/monitoring-logs#lba
I checked from the Terraform official ...
6
votes
2
answers
4k
views
Terraform google_project_iam_binding deletes GCP compute engine default service account from IAM principals
Problem
Terraform GCP google_service_account and google_project_iam_binding resource to attach roles/editor deleted Google APIs Service Agent and GCP default compute engine default service account in ...
2
votes
3
answers
5k
views
Create instance using terraform from GCP marketplace
I'm trying to create terraform script to launch the fastai instance from the marketplace.
I'm adding image name as,
boot_disk {
initialize_params {
image = "<image name>"
}
}
...
47
votes
6
answers
39k
views
Can I automatically enable APIs when using GCP cloud with terraform?
I am very new to GCP with terraform and I want to deploy all my modules using centralized tools.
Is there any way to remove the step of enabling google API's every time so that deployment is not ...
23
votes
6
answers
98k
views
Terraform check if resource exists before creating it
Is there a way in Terraform to check if a resource in Google Cloud exists prior to trying to create it?
I want to check if the following resources below exist in my CircleCI CI/CD pipeline during a ...
13
votes
1
answer
40k
views
Terraform - iterate over nested map
I am trying to create IAM binding for Bigquery dataset using the resource - google_bigquery_dataset_iam_binding. The requirement is I read the parameters in this resource (dataset_id, role, members) ...
7
votes
1
answer
14k
views
Using Terraform to create a service account with IAM roles
I am trying to create a basic Service Account with the roles/logging.logWriter IAM role with Terraform. Below is how I have configured this:
resource "google_service_account" "log_user" {
...
6
votes
3
answers
5k
views
Deploy new container revision to Cloud Run without changing Terraform
I am setting up a CI&CD environment for a GCP project that involves Cloud Run. While setting up everything via Terraform is pretty much straightforward, I cannot figure out how to update the ...
4
votes
2
answers
13k
views
googleapi: Error 403: Required 'compute.organizations.enableXpnHost' permission
I have given my user both my admin user and the service account user the "Compute Shared VPC Admin" role at the organization level, but I can't seem to enable the requested permission. I ...
4
votes
3
answers
6k
views
How to fix "An Unknown Error Occurred" when creating multiple Google Cloud SQL instances with private IP simultaneously?
Our cloud backend setup contains 5 Cloud SQL for Postgres instances. We manage our infrastructure using Terraform. We are connecting to them from GKE using a public IP and the Cloud SQL container.
...
3
votes
3
answers
2k
views
Managing GKE and its deployments with Terraform
I can use terraform to deploy a Kubernetes cluster in GKE.
Then I have set up the provider for Kubernetes as follows:
provider "kubernetes" {
host = "${data....
2
votes
1
answer
2k
views
How to set auto-delete option for additional attached_disk in gcp instance using terraform?
I am trying to create a vm instance in gcp with a boot_disk and additional attached_disk using terraform. I could not find any parameter to auto delete the additional attached_disk when instance is ...
1
vote
1
answer
3k
views
Can't remove Google Cloud project
I was playing around with terraform to create an infrastructure for a couple of services on GCP. GCP organises all the infra in so-called projects. I specified a project_id incorrectly in terraform ...
70
votes
11
answers
77k
views
"Invalid legacy provider address" error on Terraform
I'm trying to deploy a bitbucket pipeline using terraform v0.14.3 to create resources in google cloud. after running terraform command, the pipeline fails with this error:
Error: Invalid legacy ...
17
votes
3
answers
57k
views
Google Cloud credentials with Terraform
I am using GCP provisioning using Terraform / Terragrunt, and I find the workflow with obtaining GCP credentials quite confusing. I've come from using AWS exclusively, where obtaining credentials, and ...
15
votes
3
answers
16k
views
Providing Terraform with credentials in terraform files instead of env variable
I have set-up a terraform project with a remote back-end on GCP. Now when I want to deploy the infrastructure, I run into issues with credentials. I have a credentials file in
\home\mike\.config\...
14
votes
1
answer
22k
views
terraform plan notifies of changes in infrastructure but also saying No changes
When I run
terraform plan
it shows a list of changes made out of Terraform and at the end of output, it also informs that "No changes. Your infrastructure matches the configuration." ...
14
votes
3
answers
7k
views
Automate GCP persistent disk initialization
Are there any scripts that automate persistent disks formatting and attaching to the Google Cloud VM instance, instead of doing formatting & mounting steps?
The persistent disk is created with ...
13
votes
9
answers
64k
views
Terraform: googleapi: Error 403: Permission denied on resource project
googleapi: Error 403: Permission denied on resource project shared_vpc_host_name., forbidden
I am trying to create shared vpc and service project using Terraform project factory module and I am ...
11
votes
2
answers
5k
views
Google Cloud Platform API to configure OAuth2 consent and credentials
The Oauth2 setup help says to use the https://console.cloud.google.com/apis/credentials page to setup credentials for Oauth2. However I can find no documentation on any RESTful or gRPC API to ...
10
votes
4
answers
9k
views
Plan Error: Cloud Resource Manager API has not been used
When I try to run
steps:
- id: Plan Terraform
name: hashicorp/terraform:light
args:
- plan
in Cloud Build, I get the error:
Error: Error reading Project Service foo/cloudbuild.googleapis.com: ...
10
votes
4
answers
10k
views
Can I create GCP API keys using Terraform?
I'd like to create Google Cloud API keys using Terraform.
Is this possible?
8
votes
6
answers
14k
views
missing permission on "billingAccounts/XXXXXXXXXXXXXXXXXXXXXXXX": billing.resourceAssociations.create Terraform (GCP)
I tried to automate the Shared VPC creation on GCP by using Terraform. I have enabled all the access to my service account (Org Admin, XpnAdmin, Storage Admin, Compute admin, Billing Admin)
But when ...
7
votes
1
answer
2k
views
How to use Terraform `google_app_engine_domain_mapping` with service account?
I'm trying to create a GCP App Engine domain mapping via Terraform with the following configuration:
provider "google" {
version = "3.36.0"
region = var.region
}
resource "...
6
votes
1
answer
7k
views
What is the Correct Terraform Provider Configuration for Google Cloud Platform Resources with Beta Arguments?
Terraforming any Google Cloud Platform (GCP) resource defined by any beta arguments requires the google-beta provider. Should the google-beta provider be used instead of or in tandem with the google ...
5
votes
1
answer
8k
views
terraform destroy produces cycle error when no cycles present
Terraform Version
Terraform v0.12.1
Terraform Configuration Files
main.tf in my root provider:
provider "google" {}
module "organisation_info" {
source = "../../modules/organisation-...
5
votes
3
answers
4k
views
How to configure GCP pub/sub dead letter with Terraform
I'm trying to set up a pretty routine Cloud Store -> Pub/Sub -> Cloud Run process using Terraform.
// Service Account
resource "google_service_account" "example_sa" {
...
4
votes
2
answers
3k
views
Error setting up Cloud Storage terraform backend: "Error impersonate: status code 403: The caller does not have permission"
I am trying to set-up a terraform remote backend using GCP Cloud Storage. I first created a service account from the CLI:
gcloud iam service-accounts create $SERVICE_ACCOUNT_NAME --display-name $...
4
votes
3
answers
4k
views
Terraform GCP Project creation
I'm trying to create a google cloud project with terraform. I'm referring to this link as a reference...
https://femrtnz.medium.com/automating-gcp-projects-with-terraform-d571f0d94742
I followed the ...
4
votes
2
answers
11k
views
Installing Google Cloud SDK using Windows SSL error
I'm trying to install Google Cloud SDK on my company computer but it seems it is not working. I think it is something related to the firewall but I couldn't figure it out.
This is the error message. ...
3
votes
1
answer
1k
views
Get usable P12 bundle/private key from Terraform google_service_account_key resource
I have created a service account key for a GCP service account using the Terraform google provider. I've set the private key type to "TYPE_PKCS12_FILE", which we require for compatibility ...
3
votes
2
answers
2k
views
Google cloud build trigger with terraform gives Error creating Trigger: googleapi: Error 400: Request contains an invalid argument
I have a gen2 connection setup successfully, the only resource that I am unable to create is the trigger and I have searched all logs for a more informative description than this "error: Error ...
3
votes
1
answer
2k
views
Connecting to Google Cloud SQL instance on private IP from a VM with both private and public IPs fails
What I'm trying to set up:
Cloud SQL instance with private IP, Postgresql database
A VM with one public IP and one private IP on same VPC network as the SQL instance is on (VM, SQL instance and VPC ...
3
votes
1
answer
2k
views
GKE permission issue on gcr.io with service account based on terraform
I am running into problems getting my containers from gcr.io
$ kubectl get po
NAME READY STATUS RESTARTS AGE
api-deployment-74d8cf8768-x8bsk 0/2 ...
3
votes
4
answers
12k
views
How to get all the VM's information for all Projects in GCP
How to get all the VM's information for all Projects in GCP.
I have multiple Projects in My GCP account and I need the Operating System, Version of Operating System and Build Version of the ...
3
votes
1
answer
4k
views
Not able to add multiple conditions in google_monitoring_alert_policy for GCP alerting policy using Terraform
Please let me know how to mention more than one condition in GCP alerting policy via Terraform. I tried out several ways of creating a list of conditions as mentioned in documentation but nothing ...
3
votes
3
answers
5k
views
ImagePullBackOff on GKE with Private Google Cloud Repository
I am creating a deployment in GKE with the following (standard) deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-deployment
spec:
replicas: 1
selector:
matchLabels:
...
3
votes
1
answer
5k
views
terraform manually installed plugin fails
I am using terraform 0.13.0 and trying to use the kubernetes-alpha provider (https://github.com/hashicorp/terraform-provider-kubernetes-alpha). I downloaded the plugin for Mac and copied the plugin to ~/....
3
votes
2
answers
3k
views
How to iterate multiple resources over the same list?
New to Terraform here. I'm trying to create multiple projects (in Google Cloud) using Terraform. The problem is I've to execute multiple resources to completely set up a project. I tried count, but ...
2
votes
1
answer
3k
views
Grant workload identity pool access to service account through terraform
How to grant access to a service account to WIF so that identity pool can impersonate a service account.
I can do this through the UI by clicking on grant as shown below:
How can this be done through ...
2
votes
1
answer
2k
views
Terraform claims backend GCS bucket doesn't exist
Terraform 1.4.5 on Windows, authenticating as individual user via gcloud auth application-default login. I suddenly started getting this error a few hours ago whenever I do any operation involving the ...
2
votes
1
answer
1k
views
How to get GKE cluster Hash value to update GCP firewall rules
We are creating a GKE cluster using Terraform module and then deploying Istio on top of it using modules. But before deploying Istio we need to update the gke-<cluster-name>-<cluster-hash>-...
2
votes
2
answers
4k
views
terraform 'condition' error in google_project_iam_binding
I'm trying to create a user and set a policy for him.
Creating the user is OK.
The problem is when I try to set a condition.
Via gcloud it works fine, but using terraform it does not.
When I remove the condition line, it works, ...
2
votes
1
answer
3k
views
Cloud build service account permission to build
I have my env set as Cloud build app (Github app) to provision terraform through cloud build
to Google Cloud Platform. The build is a simple cloud composer with cloud functions, that creates these ...
2
votes
1
answer
17k
views
Terraform: how to iterate over key-value pairs of map input via json file
This is my input json file:
{
"inputs": [
{
"acct_id": "foo-bar-15",
"display_name": "foo bar",
"project-...
2
votes
1
answer
805
views
Terraform: Optional fields in Resource
In terraform I'm trying to create some firewall rules, which normally don't have logging enabled - to accomplish this, I must not have the log_config field created. However, I have a variable ...
1
vote
1
answer
6k
views
Terraform init reports Failed to query provider packages via Github Actions
Dunno what is going on and need your help. It works doing locally but via pipeline I keep getting issue on retrieving provider packages.
My github configuration:
- name: Setup Terraform
uses: ...
1
vote
2
answers
13k
views
Unable to run metadata_startup_script in Terraform
I have a terraform script
resource "google_compute_attached_disk" "default3" {
disk = google_compute_disk.default2.id
instance = google_compute_instance.default.id
}
...