**Get started with Terraform**
- reference link: https://cloud.google.com/docs/terraform/get-started-with-terraform
- reference for source code: https://github.com/terraform-google-modules/terraform-docs-samples/blob/main/flask_google_cloud_quickstart/main.tf
- goal: 
    - Use Terraform to create a VM in Google Cloud
    - Start a basic Python Flask server.

**Create the compute engine vm**
- **create the directory**
    - mkdir tf-tutorial && cd tf-tutorial
    - nano main.tf
- **create the virtual private cloud network (vpc) and subnet**
- **create compute engine vm resource**
- **initialize terraform**
    - command: terraform init
- **validate the terraform configuration**
    - command: terraform fmt. To check format
    - command: terraform validate. To valide the terraform configuration
- **apply the configuration**
    - terraform apply
    

**Deploy a web server on google cloud**
- given we have resources like vpc network and subnet, compute engine vm. Now, we want to deploy a simple web application on gcp
- **add a custom ssh firewall rule**
    - create google_compute_firewall resource which allow tcp access on port 22
    - with this resource we can access this vm machine with open ssh
- **connect vm through ssh**
    - connect with your vm with open ssh command line
- **build the flask app**
    - connect with vm
    - write simple fask application
    - run the app with command: python3 app.py
    - check the apply is run on vm on the second console with command: curl http://0.0.0.0:5000
- **open port 5000 on vm**
    - create google_compute_firewall resouce which allow traffic type tcp and port 5000 (the port which application is run on)
- **add output variable for the web server**
    - reference link: https://developer.hashicorp.com/terraform/language/values/outputs
    - Output values make information about your infrastructure available on the command line,
    - Can expose information for other Terraform configurations to use
    - Output values are similar to return values in programming languages.
    - in the example we want to get external ip of the vm easily with command: terraform output

**Note about resource we will deploy in this turotial**
- virtual private cloud network with resource name google_compute_network
- virtual private cloud subnetwork with resource name google_compute_subnetwork
- compute engine vm with resource name google_compute_instance

**Config information and reference:**
- https://cloud.google.com/compute/docs/regions-zones. This is reference link to regions and zones of gcp
- gcloud commpute regions list | grep asia-southeast. this command to list availabe regions of gcloud
- gclod commpute zones list | grep asia-southeast. This command to list available zones
- gcloud compute mamchine-types list --zones="asia-southeast1-a". This command to list machine-types of a given zones
- gcloud compute images list | grep [ubuntu/debian]. This command to list available images


In [None]:
#to have bucket permission we need roles/storage.admin
#reference about role in cloud storage: https://cloud.google.com/storage/docs/access-control/iam-roles
#using command: gcloud projects add-iam-policy-binding to binding 
gcloud projects add-iam-policy-binding $project_id --member="serviceAccount:$terraform_service_account" --role="$role_three"

In [None]:
#to check the role of a service account
gcloud projects get-iam-policy $project_id  \
--flatten="bindings[].members" \
--format='table(bindings.role)' \
--filter="bindings.members:$terraform_service_account"

In [None]:
#using gcloud to ssh to vm machine
gcloud compute ssh --project=$project_id --zone=$zone $vm_name

In [None]:
#to check we have a web server is running 
#one: one different termial ssh to the remote machine
#run curl command:
curl http://0.0.0.0:5000

In [None]:
#to check firewall work, that we can access vm from outsite of the network
#one: define out variable in terraform with output
#two: re-apply main.tf
#three: run curl command with external ip

In [None]:
#to check that bucket have been create use gcloud storage ls command
gcloud storage ls

In [None]:
#destroy all deployment to save money
terraform destroy