My IaaC using Terraform for Google Cloud Platform for: CYSE6225 Network Structures & Cloud Computing

• VPC Network:
  • Disabled auto-create
  • Regional routing mode
  • No default routes
• Subnet #1: webapp
  • /24 CIDR range
• Subnet #2: db
  • /24 CIDR range
• Attached Internet Gateway to the VPC for allowing incoming requests
• VPC Peering Connection for connection to Private CloudSQL
• VPC Serverless Access for connection to CloudSQL
• Firewall, Ingress:
  • Allow only tcp:8080 for load balancer default source ranges
  • Allow only tcp:22 for ssh for vm instances
  • Deny all

PostgreSQL Private Cloud SQL attached to VPC

All configuartions to webapplication added to Instance Template

Lifecycle of instance automatically managed for webapp instances

• Frontend Load balancer: Supporting only https, set up with SSL Certificates
• Backend Load Balancer: Configrable Load balancing strategies
• Health Check: /healthz

Email Verification Event sent in PubSub

Sending Email Verification through Servless CLoud Function

Separate IAM roles for:

• Creating resources
• Logging & Metric Functionalities
• Running Cloud Functions

• Key ring being used for deployment
• Separate Customer managed key resources for:
  • Virtual Machines
  • CloudSQL Instance
  • Cloud Storage Buckets
• Customer managed keys rotated with 30 day rotation period (configurable) used while launching resources

1. Add your variables in ./terraform.tfvars

2. Terraform Initalization

terraform init

3. Terraform Validate

terraform validate

4. Terraform Apply

terraform apply

Used

• Compute Engine API
• Serverless VPC Access API
• Cloud Monitoring API
• Cloud Functions API
• Eventarc API
• Cloud Pub/Sub API
• Cloud Logging API
• Cloud Deployment Manager V2 API
• Cloud Run Admin API
• Cloud SQL Admin API
• Artifact Registry API
• Cloud Resource Manager API
• Identity and Access Management (IAM) API
• Service Networking API
• Cloud Build API
• Cloud DNS API
• Certificate Manager API
• Service Usage API
• Cloud Key Management Service (KMS) API

Unused:

• Cloud OS Login API
• Cloud Storage
• Container Registry API
• Firewall Insights API
• Google Cloud Storage JSON API
• IAM Service Account Credentials API
• Legacy Cloud Source Repositories API
• Stackdriver API

1. Install Chocolatey
2. Install Terraform using Chocolatey
3. Install gcloud cli
4. Set up Terraform