My infrastructure as code (IaC) in Terraform for Google Cloud Platform, built for CYSE6225 Network Structures & Cloud Computing
- VPC Network:
  - Auto-created subnetworks disabled
  - Regional routing mode
  - No default routes (the default routes are deleted when the network is created)
  - Subnet #1: webapp
    - /24 CIDR range
  - Subnet #2: db
    - /24 CIDR range
  - Route to the default internet gateway so the webapp instances can receive and answer internet traffic (GCP has no separate Internet Gateway resource; the route's next hop is `default-internet-gateway`)
  - VPC peering connection (private services access) for reaching the private Cloud SQL instance
  - Serverless VPC Access connector so the Cloud Function can reach Cloud SQL
  - Firewall, ingress:
    - Allow only tcp:8080, and only from the load balancer's default source ranges (Google's proxy and health-check ranges 130.211.0.0/22 and 35.191.0.0/16)
    - Allow only tcp:22 for SSH to the VM instances
    - Deny all other ingress
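The VPC, its two subnets, the internet route and the three ingress rules listed above, written out as an added Terraform example (this is not the repository's own code). The CIDRs, resource names, the region and the use of the Identity-Aware Proxy range as the SSH source are assumptions; the two load-balancer ranges are Google's documented proxy and health-check source ranges.

```hcl
# Added example (not the repository's own code). Names, CIDRs, the region
# and the IAP source range for SSH are assumptions.

variable "region" {
  type    = string
  default = "us-east1" # assumption
}

resource "google_compute_network" "vpc" {
  name                            = "webapp-vpc"
  auto_create_subnetworks         = false      # "auto-create disabled"
  routing_mode                    = "REGIONAL" # "regional routing mode"
  delete_default_routes_on_create = true       # "no default routes"
}

resource "google_compute_subnetwork" "webapp" {
  name          = "webapp"
  region        = var.region
  network       = google_compute_network.vpc.id
  ip_cidr_range = "10.0.1.0/24" # assumed /24
}

resource "google_compute_subnetwork" "db" {
  name                     = "db"
  region                   = var.region
  network                  = google_compute_network.vpc.id
  ip_cidr_range            = "10.0.2.0/24" # assumed /24
  private_ip_google_access = true           # Google APIs reachable without an external IP
}

# GCP has no attachable "Internet Gateway" resource: internet reachability is a
# route whose next hop is the built-in default-internet-gateway. Scoping it to
# the "webapp" tag keeps the db subnet's instances without an internet route.
resource "google_compute_route" "internet" {
  name             = "webapp-internet-route"
  network          = google_compute_network.vpc.id
  dest_range       = "0.0.0.0/0"
  next_hop_gateway = "default-internet-gateway"
  priority         = 1000
  tags             = ["webapp"]
}

# Google's load balancer proxies and health checkers originate from these two
# ranges; limiting tcp:8080 to them blocks direct hits on a VM's external IP.
resource "google_compute_firewall" "allow_lb_8080" {
  name          = "allow-lb-8080"
  network       = google_compute_network.vpc.id
  direction     = "INGRESS"
  priority      = 1000
  source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
  target_tags   = ["webapp"]

  allow {
    protocol = "tcp"
    ports    = ["8080"]
  }
}

# SSH only through Identity-Aware Proxy TCP forwarding (35.235.240.0/20): an
# assumption here, but tighter than opening tcp:22 to 0.0.0.0/0.
resource "google_compute_firewall" "allow_iap_ssh" {
  name          = "allow-iap-ssh"
  network       = google_compute_network.vpc.id
  direction     = "INGRESS"
  priority      = 1000
  source_ranges = ["35.235.240.0/20"]
  target_tags   = ["webapp"]

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}

# Explicit deny-all at the lowest usable priority. The implied ingress deny
# rule would do the same, but this makes the intent visible in the plan.
resource "google_compute_firewall" "deny_all_ingress" {
  name          = "deny-all-ingress"
  network       = google_compute_network.vpc.id
  direction     = "INGRESS"
  priority      = 65534
  source_ranges = ["0.0.0.0/0"]

  deny {
    protocol = "all"
  }
}
```

The allow rules sit at priority 1000 and the deny at 65534, so ordering is by priority, not by the order the resources appear in the file; anything that is not 8080 from the Google ranges or 22 from the IAP range is dropped.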
- PostgreSQL Cloud SQL instance with a private IP only, attached to the VPC
- All web application configuration is carried in the instance template
- Lifecycle of the webapp instances is managed automatically (managed instance group)
- Load balancer:
  - Frontend: HTTPS only, set up with SSL certificates
  - Backend: configurable load-balancing strategy
  - Health check: `/healthz`
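An HTTPS-only external load balancer with the `/healthz` check wired into both the backend service and the instance group's autohealing, as an added Terraform example (not the repository's own code). The domain, names, the instance-template variable, the TLS policy and the utilization threshold are assumptions.

```hcl
# Added example (not the repository's own code). Domain, names, the
# instance-template variable, the TLS policy and the 0.8 threshold are assumptions.

variable "region" { type = string }
variable "domain" { type = string } # e.g. app.example.com (assumption)
variable "instance_template_id" { type = string } # the instance template described above, assumed to exist

resource "google_compute_health_check" "healthz" {
  name                = "webapp-healthz"
  check_interval_sec  = 10
  timeout_sec         = 5
  healthy_threshold   = 2
  unhealthy_threshold = 3

  http_health_check {
    port         = 8080
    request_path = "/healthz"
  }
}

resource "google_compute_region_instance_group_manager" "webapp" {
  name               = "webapp-mig"
  region             = var.region
  base_instance_name = "webapp"
  target_size        = 2

  version {
    instance_template = var.instance_template_id
  }

  named_port {
    name = "http"
    port = 8080
  }

  # Autohealing replaces instances that fail /healthz; the initial delay stops
  # it from recreating VMs that are still running their startup script.
  auto_healing_policies {
    health_check      = google_compute_health_check.healthz.id
    initial_delay_sec = 300
  }
}

resource "google_compute_backend_service" "webapp" {
  name                  = "webapp-backend"
  protocol              = "HTTP"
  port_name             = "http"
  timeout_sec           = 30
  load_balancing_scheme = "EXTERNAL_MANAGED"
  health_checks         = [google_compute_health_check.healthz.id]

  backend {
    group           = google_compute_region_instance_group_manager.webapp.instance_group
    balancing_mode  = "UTILIZATION" # the "configurable strategy": UTILIZATION or RATE
    max_utilization = 0.8
  }
}

resource "google_compute_url_map" "webapp" {
  name            = "webapp-url-map"
  default_service = google_compute_backend_service.webapp.id
}

resource "google_compute_managed_ssl_certificate" "webapp" {
  name = "webapp-cert"
  managed {
    domains = [var.domain]
  }
}

# Pin the TLS floor: Google's default SSL policy still accepts TLS 1.0.
resource "google_compute_ssl_policy" "modern" {
  name            = "webapp-tls12"
  profile         = "MODERN"
  min_tls_version = "TLS_1_2"
}

resource "google_compute_target_https_proxy" "webapp" {
  name             = "webapp-https-proxy"
  url_map          = google_compute_url_map.webapp.id
  ssl_certificates = [google_compute_managed_ssl_certificate.webapp.id]
  ssl_policy       = google_compute_ssl_policy.modern.id
}

# Only a :443 forwarding rule exists. With no target_http_proxy and no :80
# rule, plaintext HTTP is refused rather than redirected.
resource "google_compute_global_forwarding_rule" "https" {
  name                  = "webapp-https"
  target                = google_compute_target_https_proxy.webapp.id
  port_range            = "443"
  load_balancing_scheme = "EXTERNAL_MANAGED"
}
```

The same health check drives two decisions: the backend service stops routing to an instance that fails it, and the instance group manager recreates that instance after the check stays unhealthy. The firewall rule for tcp:8080 from the Google proxy ranges is what lets both the probe and real traffic reach the VMs.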
- Email verification event published to Pub/Sub
- Verification email sent by a serverless Cloud Function triggered by that event
- Separate IAM roles for:
  - Creating resources
  - Logging and metrics
  - Running Cloud Functions
- Key ring used for the deployment
  - Separate customer-managed encryption keys (CMEK) for:
    - Virtual machines
    - Cloud SQL instance
    - Cloud Storage buckets
  - Customer-managed keys have a 30-day rotation period (configurable) and are referenced when the resources are created
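The key ring, one CMEK per resource class with a configurable rotation period, the IAM binding each Google service agent needs before it can use its key, and the Cloud SQL instance from above consuming its key on a private IP, as an added Terraform example (not the repository's own code). The project, region, names, the `vpc_id` variable (a VPC whose private services access connection already exists) and the database tier are assumptions.

```hcl
# Added example (not the repository's own code). Project, region, names, the
# vpc_id variable and the database tier are assumptions.

variable "project_id" { type = string }
variable "region" {
  type    = string
  default = "us-east1" # assumption
}
variable "vpc_id" { type = string } # VPC with private services access already set up (assumed)

variable "kms_rotation_days" {
  type    = number
  default = 30 # "30-day rotation period (configurable)"
  validation {
    condition     = var.kms_rotation_days >= 1
    error_message = "Cloud KMS rotation periods must be at least 24 hours."
  }
}

data "google_project" "current" {
  project_id = var.project_id
}

# Cloud SQL requires the key to live in the same region as the instance.
resource "google_kms_key_ring" "deploy" {
  name     = "deploy-keyring"
  location = var.region
}

# rotation_period is a duration in seconds, so the default 30 days is "2592000s".
# Rotation only creates a new primary key version; data encrypted under older
# versions stays readable, so nothing has to be re-encrypted at rotation time.
resource "google_kms_crypto_key" "cmek" {
  for_each        = toset(["vm", "cloudsql", "storage"])
  name            = "${each.key}-cmek"
  key_ring        = google_kms_key_ring.deploy.id
  purpose         = "ENCRYPT_DECRYPT"
  rotation_period = "${var.kms_rotation_days * 24 * 60 * 60}s"

  lifecycle {
    prevent_destroy = true # destroying a key makes every disk, bucket or DB under it unreadable
  }
}

# Each service encrypts through its own service agent, which is granted
# EncrypterDecrypter on exactly the one key meant for it.
resource "google_kms_crypto_key_iam_member" "vm" {
  crypto_key_id = google_kms_crypto_key.cmek["vm"].id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:service-${data.google_project.current.number}@compute-system.iam.gserviceaccount.com"
}

# The Cloud SQL service agent is only created on demand.
resource "google_project_service_identity" "sql" {
  provider = google-beta
  project  = var.project_id
  service  = "sqladmin.googleapis.com"
}

resource "google_kms_crypto_key_iam_member" "cloudsql" {
  crypto_key_id = google_kms_crypto_key.cmek["cloudsql"].id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:${google_project_service_identity.sql.email}"
}

data "google_storage_project_service_account" "gcs" {}

resource "google_kms_crypto_key_iam_member" "storage" {
  crypto_key_id = google_kms_crypto_key.cmek["storage"].id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  member        = "serviceAccount:${data.google_storage_project_service_account.gcs.email_address}"
}

# The key is referenced at creation time. depends_on matters: without it the
# instance create can race the IAM binding and fail with a KMS permission error.
resource "google_sql_database_instance" "db" {
  name                = "webapp-db"
  region              = var.region
  database_version    = "POSTGRES_15"
  encryption_key_name = google_kms_crypto_key.cmek["cloudsql"].id
  deletion_protection = true
  depends_on          = [google_kms_crypto_key_iam_member.cloudsql]

  settings {
    tier = "db-f1-micro" # assumption
    ip_configuration {
      ipv4_enabled    = false      # no public IP: reachable only over the VPC peering
      private_network = var.vpc_id
    }
  }
}
```

The same `encryption_key_name`-style reference is what goes on the boot disk in the instance template (`disk_encryption_key { kms_key_self_link = ... }`) and on the bucket (`encryption { default_kms_key_name = ... }`), each pointing at its own key so that revoking one service agent's binding does not affect the others.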
- Add your variables in `./terraform.tfvars`
- Terraform initialization: `terraform init`
- Terraform validate: `terraform validate`
- Terraform apply: `terraform apply` (review the plan it prints before confirming)
APIs used:
- Compute Engine API
- Serverless VPC Access API
- Cloud Monitoring API
- Cloud Functions API
- Eventarc API
- Cloud Pub/Sub API
- Cloud Logging API
- Cloud Deployment Manager V2 API
- Cloud Run Admin API
- Cloud SQL Admin API
- Artifact Registry API
- Cloud Resource Manager API
- Identity and Access Management (IAM) API
- Service Networking API
- Cloud Build API
- Cloud DNS API
- Certificate Manager API
- Service Usage API
- Cloud Key Management Service (KMS) API
APIs enabled but not used:
- Cloud OS Login API
- Cloud Storage
- Container Registry API
- Firewall Insights API
- Google Cloud Storage JSON API
- IAM Service Account Credentials API
- Legacy Cloud Source Repositories API
- Stackdriver API