This Google Cloud Virtual Machine module allows you to easily configure and deploy any needed instances. This module will create the virtual machine as well as setup a snapshot schedule. Coalfire has tested this module with Terraform version 1.5.0 and the Hashicorp Google provider versions 4.70 - 5.0.
FedRAMP Compliance: High
data "google_compute_image" "rhel_9" {
project = "rhel-cloud"
filter = "name=rhel-9-v20231010"
}
module "linux_bastion" {
source = "github.com/Coalfire-CF/terraform-google-vm"
project_id = data.terraform_remote_state.bootstrap.outputs.management_project_id
name = "linbastion"
machine_type = "e2-standard-2"
source_image = data.google_compute_image.rhel_9.self_link
disk_size_gb = 50
disk_encryption_key = data.terraform_remote_state.bootstrap.outputs.gce_kms_key_id
zones = [data.google_compute_zones.available.names[0]]
subnetwork = data.terraform_remote_state.networking.outputs.subnets_private["dmz"]
access_config = [{
}]
labels = {
osfamily = "rhel9",
ostype = "linux",
app = "management",
patchgroup = "1"
}
service_account = {
email = module.bastion-svc-acct.email
scopes = ["cloud-platform"]
}
startup_scripts = [
{
path = "${path.module}/path/to/script.sh"
}
]
tags = ["ext-ssh"]
}No requirements.
| Name | Version |
|---|---|
| n/a |
No modules.
| Name | Type |
|---|---|
| google_compute_disk_resource_policy_attachment.policy_attachment | resource |
| google_compute_instance.compute_instance | resource |
| google_kms_crypto_key_iam_member.crypto_key_encrypter | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| access_config | Access configurations, i.e. IPs via which the VM instance can be accessed via the Internet. | list(object({ |
[] |
no |
| additional_networks | Additional network interface details for GCE, if any. | list(object({ |
[] |
no |
| auto_delete | Whether or not the boot disk should be auto-deleted | bool |
true |
no |
| can_ip_forward | Enable IP forwarding, for NAT instances for example | bool |
false |
no |
| deletion_protection | Enable deletion protection on this instance. Note: you must disable deletion protection before removing the resource, or the instance cannot be deleted and the Terraform run will not complete successfully. | bool |
false |
no |
| disk_encryption_key | The self_link of the encryption key that is stored in Google Cloud KMS to encrypt this disk. | string |
n/a | yes |
| disk_labels | Labels to be assigned to boot disk, provided as a map | map(string) |
{} |
no |
| disk_size_gb | Boot disk size in GB | number |
100 |
no |
| disk_type | Boot disk type, can be either pd-ssd, local-ssd, or pd-standard | string |
"pd-ssd" |
no |
| domain_name | Domain name of instances, prefixed by '.' | string |
"" |
no |
| labels | Labels, provided as a map | map(string) |
{} |
no |
| machine_type | Machine type to create, e.g. n1-standard-1 | string |
"n1-standard-1" |
no |
| metadata | Metadata, provided as a map | map(string) |
{} |
no |
| min_cpu_platform | Specifies a minimum CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell or Intel Skylake. See the complete list: https://cloud.google.com/compute/docs/instances/specify-min-cpu-platform | string |
null |
no |
| name | Name of instances | string |
n/a | yes |
| network | The name or self_link of the network to attach this interface to. Use network attribute for Legacy or Auto subnetted networks and subnetwork for custom subnetted networks. | string |
"" |
no |
| network_ip | Private IP address to assign to the instance if desired. | any |
"" |
no |
| num_instances | Number of instances to create. | number |
1 |
no |
| project_id | The GCP project ID | string |
null |
no |
| service_account | Service account to attach to the instance. See https://www.terraform.io/docs/providers/google/r/compute_instance_template.html#service_account. | object({ |
n/a | yes |
| snapshot_schedule | Name of snapshot schedule | string |
null |
no |
| source_image | Source disk image. If neither source_image nor source_image_family is specified, defaults to the latest public CentOS image. | string |
"" |
no |
| startup_scripts | User startup scripts to run when instances spin up | list(object({ |
null |
no |
| subnetwork | The name of the subnetwork to attach this interface to. The subnetwork must exist in the same region this instance will be created in. Either network or subnetwork must be provided. | string |
"" |
no |
| subnetwork_project | The ID of the project in which the subnetwork belongs. If it is not provided, the provider project is used. | string |
"" |
no |
| tags | Network tags, provided as a list | list(string) |
[] |
no |
| zones | Zones where the instances should be created. If not specified, instances will be spread across available zones in the region. | list(string) |
null |
no |
| Name | Description |
|---|---|
| id | ID of instance. |
| image | Self-link of the image. |
| instance_id | Server-assigned unique identifier of this instance. |
| instances_details | List of all details for compute instances |
| labels | Labels that will be associated with the instance. |
| name | Name of instance. |
| private_ip | Private IP address assigned to the instance. |
| public_ip | Public IP address assigned to the instance. |
| self_link | Self-link of the instance. |
| service_account | Service account attached to the instance. |
| status | Current status of the instance. |
| tags | Tags that will be associated with the instance. |
| zone | Zone that the instance is located in. |