Creates basic infrastructure for a project:
- a bucket for terraform state
- enabled apis
- a service account for your deployment pipeline
- IaC EVERYTHING!
- If you want to start a new env in a new Google project, you don't want to manually enable all required APIs
- CI/CD pipeline
- you are the first person setting up a new project
- your project requires new apis
- your project's service account requires new permissions
- copy it into your folder
- follow the steps in the readme
- add the minimal role possible, for security reasons
Creates basic scaffolding for your service according to Google's terraform best practices
- copy it into your folder
- follow the steps in the readme
- always run the infra-service as a service account; this way you keep its permissions up to date (see 'How to' section)
https://github.com/tjenwellens/docker-alias
```bash
gcloud auth login
export GOOGLE_OAUTH_ACCESS_TOKEN=$(gcloud auth print-access-token)
# whatever terraform commands you want to run
terraform init
terraform plan
```
- Go to the project in the Google Cloud console
- Navigate to 'IAM & Admin'
- Navigate to the service account - PERMISSIONS
- Grant access
- New principals = `<your-email>`
- Role = Service Account Token Creator (aka `roles/iam.serviceAccountTokenCreator`)
```bash
gcloud auth login
# no spaces around '=' in a shell assignment
SERVICE_ACCOUNT="<sa-email>"
export GOOGLE_OAUTH_ACCESS_TOKEN=$(gcloud --impersonate-service-account="${SERVICE_ACCOUNT}" auth print-access-token)
# whatever terraform commands you want to run
terraform init
terraform plan
```
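The console grant and the impersonated run above can also be wrapped in shell functions, so the Token Creator role is bound on the service account itself and the access token never stays exported in your interactive shell. This is an added example, not part of the original README; the function names `is_sa_email`, `grant_token_creator` and `tf_as_sa` are hypothetical, and it assumes a user-managed service account (`...@<project>.iam.gserviceaccount.com`).

```shell
#!/usr/bin/env bash
# Added example (not from the original README). Helper names are hypothetical.

# Accept only user-managed service account e-mails (assumption: the pipeline
# account ends in .iam.gserviceaccount.com). Anything with other characters
# is rejected before it reaches gcloud.
is_sa_email() {
  case "$1" in
    *[!a-z0-9@.-]*) return 1 ;;
    ?*@?*.iam.gserviceaccount.com) return 0 ;;
    *) return 1 ;;
  esac
}

# CLI equivalent of the console steps: grant Service Account Token Creator to
# one user on this one service account, not on the whole project.
# usage: grant_token_creator <sa-email> <your-email>
grant_token_creator() {
  is_sa_email "$1" || { echo "not a service account: $1" >&2; return 2; }
  gcloud iam service-accounts add-iam-policy-binding "$1" \
    --member="user:$2" --role="roles/iam.serviceAccountTokenCreator"
}

# Run a single terraform command as the service account. The token is exported
# only inside a subshell, so it is gone from the environment once terraform exits.
# usage: tf_as_sa <sa-email> <terraform args...>
tf_as_sa() {
  local sa="$1" token
  shift
  is_sa_email "$sa" || { echo "not a service account: $sa" >&2; return 2; }
  token="$(gcloud auth print-access-token --impersonate-service-account="$sa")" || return 1
  [ -n "$token" ] || { echo "empty token for $sa" >&2; return 1; }
  (
    GOOGLE_OAUTH_ACCESS_TOKEN="$token"
    export GOOGLE_OAUTH_ACCESS_TOKEN
    terraform "$@"
  )
}

# Example session, after 'gcloud auth login':
#   grant_token_creator "<sa-email>" "<your-email>"
#   tf_as_sa "<sa-email>" init
#   tf_as_sa "<sa-email>" plan
```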