topasseoseo1@cloudshell:~ (secret-zephyr-348001)$ more *.tf
::::::::::::::
gcp_compute.tf
::::::::::::::
# Compute resources: one VM with a reserved external address, placed in the
# first zone the provider reports for var.gcp_region.

# Zones available in the target region; only names[0] is used below.
data "google_compute_zones" "available" {
  region = var.gcp_region
}

# Reserved regional address that is attached to the VM as its NAT (public) IP.
resource "google_compute_address" "gcp-ip" {
  name   = "gcp-vm-ip-${var.gcp_region}"
  region = var.gcp_region
}

# The test VM. It gets a fixed private address (var.gcp_vm_address) on
# gcp-subnet1 and, through access_config, the reserved public address above,
# so the firewall rules in gcp_security.tf decide what the Internet can reach.
resource "google_compute_instance" "gcp-vm" {
  name         = "gcp-vm-${var.gcp_region}"
  machine_type = var.gcp_instance_type
  zone         = data.google_compute_zones.available.names[0]

  boot_disk {
    initialize_params {
      image = var.gcp_disk_image
    }
  }

  network_interface {
    subnetwork = google_compute_subnetwork.gcp-subnet1.name
    network_ip = var.gcp_vm_address

    access_config {
      # Static IP
      nat_ip = google_compute_address.gcp-ip.address
    }
  }
}
::::::::::::::
gcp_networking.tf
::::::::::::::
# Custom-mode VPC: automatic subnet creation is switched off, so the only
# subnet is the one declared explicitly below.
resource "google_compute_network" "gcp-network" {
  name                    = "bgame-gcp-dev-vpc"
  auto_create_subnetworks = "false"
}

# Single regional subnet that hosts the VM; its range comes from
# var.gcp_subnet1_cidr.
resource "google_compute_subnetwork" "gcp-subnet1" {
  name          = "bgame-gcp-dev-pub-subnet1"
  ip_cidr_range = var.gcp_subnet1_cidr
  network       = google_compute_network.gcp-network.name
  region        = var.gcp_region
}
::::::::::::::
gcp_outputs.tf
::::::::::::::
# Public (NAT) address of the VM. The value is produced through a heredoc,
# so it ends with a newline.
output "gcp_instance_external_ip" {
  value = <<-EOF
    ${google_compute_instance.gcp-vm.network_interface[0].access_config[0].nat_ip}
  EOF
}

# Private address of the VM inside the subnet.
output "gcp_instance_internal_ip" {
  value = google_compute_instance.gcp-vm.network_interface[0].network_ip
}
::::::::::::::
gcp_security.tf
::::::::::::::
# Firewall rules for the VPC. None of the rules in this file sets target_tags
# or target_service_accounts, so each one applies to every instance in the
# network, not only to gcp-vm.

# Allow PING testing.
# ICMP is accepted from any source address.
resource "google_compute_firewall" "gcp-allow-icmp" {
  name    = "${google_compute_network.gcp-network.name}-gcp-allow-icmp"
  network = google_compute_network.gcp-network.name

  allow {
    protocol = "icmp"
  }

  source_ranges = [
    "0.0.0.0/0",
  ]
}

# Allow SSH for iperf testing.
# NOTE(review): 0.0.0.0/0 exposes sshd on the VM's public address to the whole
# Internet. Restrict source_ranges to the addresses the testers actually
# connect from, and rely on key-based login only, before this outlives a
# short-lived test.
resource "google_compute_firewall" "gcp-allow-ssh" {
  name    = "${google_compute_network.gcp-network.name}-gcp-allow-ssh"
  network = google_compute_network.gcp-network.name

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  source_ranges = [
    "0.0.0.0/0",
  ]
}

# Allow TCP traffic from the Internet.
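resource "google_compute_firewall" "gcp-allow-internet" {
  # Plain HTTP (tcp/80) from any source address.
  name    = "${google_compute_network.gcp-network.name}-gcp-allow-internet"
  network = google_compute_network.gcp-network.name

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }

  source_ranges = [
    "0.0.0.0/0",
  ]
}

# HTTPS (tcp/443) from any source address.
resource "google_compute_firewall" "https" {
  name    = "gcp-network-https"
  network = google_compute_network.gcp-network.name

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }

  direction     = "INGRESS"
  source_ranges = ["0.0.0.0/0"]
}

# All protocols and ports, but only between hosts inside the VPC range.
# An all-protocol ingress rule sourced from 0.0.0.0/0 would make the per-port
# rules in this file meaningless and expose every listening service on the
# instance's external address, so the source is limited to
# var.gcp_network_cidr. Anything that has to be reachable from outside the VPC
# (for example a test port) should get its own rule with explicit ports and
# the narrowest source range that works.
resource "google_compute_firewall" "gcp-allow-all" {
  name    = "gcp-network-allow-all"
  network = google_compute_network.gcp-network.name

  allow {
    protocol = "all"
  }

  direction     = "INGRESS"
  source_ranges = [var.gcp_network_cidr]
}
::::::::::::::
gcp_variables.tf
::::::::::::::
variable "gcp_region" {
  description = "Default region."
  default     = "asia-northeast3"
}

variable "gcp_network_cidr" {
  description = "Address range covering the VPC's subnets; used as the source range of the intra-VPC allow-all firewall rule."
  default     = "10.0.8.0/21"
}

variable "gcp_subnet1_cidr" {
  description = "Address range of gcp-subnet1; must contain gcp_vm_address."
  default     = "10.0.8.0/24"
}
::::::::::::::
gcp_variables_vm.tf
::::::::::::::
variable "gcp_instance_type" {
  description = "Machine Type. Correlates to an network egress cap."
  default     = "n1-standard-1"
}

# NOTE(review): the ubuntu-1804-lts family is Ubuntu 18.04, whose standard
# security maintenance ended in 2023. Point this at a currently supported LTS
# image family before the VM is used for anything beyond a throwaway test.
variable "gcp_disk_image" {
  description = "Boot disk for gcp_instance_type."
  default     = "projects/ubuntu-os-cloud/global/images/family/ubuntu-1804-lts"
}

variable "gcp_vm_address" {
  description = "Private IP address for GCP VM instance."
  default     = "10.0.8.100"
}
::::::::::::::
main.tf
::::::::::::::
# No project or credentials are set here; the provider takes them from the
# environment it runs in.
provider "google" {
  region = var.gcp_region
}
topasseoseo1@cloudshell:~ (secret-zephyr-348001)$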