Terraform on Google Cloud Engine Quickstart

by Jannik Arndt

This is a quickstart for building something on Google Compute Engine without clicking any buttons (after you have created the project).

Prerequisites

Install terraform:

$ brew install terraform

Install Google Cloud SDK:

$ brew install --cask google-cloud-sdk

Create a new project in the console and log in:

$ gcloud auth application-default login

If you are using IntelliJ IDEA, install the HashiCorp Terraform Plugin.

Option A: Import a project

If you have created a project using the console, create a config.tf with the basic settings:

provider "google" {
  region = "europe-west3" // Frankfurt; GCP region names differ from AWS names such as eu-central-1
}

resource "google_project" "project" {}

Run terraform init to download the google provider plugin, then import the project:

$ terraform import google_project.project project-id-186346

You now have a corresponding terraform.tfstate file that contains the name, billing account and other info about your project.

Option B: Create a new project from scratch

Make a new folder and create a config.tf file:

provider "google" {
  region = "europe-west3" // Frankfurt; GCP region names differ from AWS names such as eu-central-1
}

resource "google_project" "project" {
  name = "holisticon"
  project_id = "holisticon-123456"
  billing_account = "01B8C8-F33191-3DE337" // optional
}

Now run terraform init to download the google provider plugin. Next, run terraform apply to create the project. Note that the project_id must not already exist. The billing_account is optional. Also, you can only have a maximum of 12 projects at the same time.

Adding people

So far you are the owner of the new project. Now you can create IAM roles and add other people to your project:

resource "google_project_iam_binding" "project_editors" {
  project = "${google_project.project.project_id}"
  role = "roles/editor"
  members = [
    "user:nice.coworker@holisticon.de",
  ]
}

You can find a description of all roles here. Note that you cannot grant the owner role through the API but only using the Cloud Platform Console.
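
An added example, not from the original post: a pre-apply check for IAM grants like the one above. It reads the JSON form of a plan (as produced by `terraform show -json`) and flags basic roles such as roles/editor, google_project_iam_binding resources (which are authoritative for their role), and members outside an assumed organisation domain. The name audit_plan, the sample plan and the contractor address are constructed for illustration.

```python
import json

# Basic roles apply to every service in the project; prefer predefined roles.
BASIC_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
IAM_TYPES = {"google_project_iam_binding", "google_project_iam_member"}


def audit_plan(plan, allowed_domain):
    """Return (address, finding) pairs for project IAM grants in a plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") not in IAM_TYPES or not after:
            continue  # other resource types, or a delete (after is null)
        role = after.get("role") or "<unknown until apply>"
        # A binding carries a "members" list, a member resource one "member".
        members = list(after.get("members") or [])
        if after.get("member"):
            members.append(after["member"])
        if role in BASIC_ROLES:
            findings.append((rc["address"], f"basic role {role}"))
        if rc["type"] == "google_project_iam_binding":
            # On apply, anyone holding this role who is not listed loses it.
            findings.append((rc["address"], f"authoritative for {role}"))
        for member in members:
            kind, _, ident = member.partition(":")
            if kind in ("allUsers", "allAuthenticatedUsers"):
                findings.append((rc["address"], f"public member {member}"))
            elif kind in ("user", "group") and not ident.endswith("@" + allowed_domain):
                findings.append((rc["address"], f"outside {allowed_domain}: {member}"))
    return findings


# Constructed sample in the shape of `terraform show -json plan.out`.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_project_iam_binding.project_editors",
   "type": "google_project_iam_binding",
   "change": {"actions": ["create"], "after": {
     "role": "roles/editor",
     "members": ["user:nice.coworker@holisticon.de"]}}},
  {"address": "google_project_iam_member.contractor",
   "type": "google_project_iam_member",
   "change": {"actions": ["create"], "after": {
     "role": "roles/storage.objectViewer",
     "member": "user:contractor@example.org"}}}
]}
""")

if __name__ == "__main__":
    for address, finding in audit_plan(SAMPLE_PLAN, "holisticon.de"):
        print(f"{address}: {finding}")
```

Run against the sample, the check reports the roles/editor binding twice (basic role, authoritative resource) and the constructed contractor grant once (outside the domain).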
