Deploy a hardened Compute Engine instance on Google Cloud with security in mind and using Terraform for deployment. The Terraform script has been set up to be deployed on its own, meaning in an empty Google Cloud project.
The direct-attached static IPv4 address is for testing purposes. It's recommended not to expose Compute Engine instances directly to the internet but to place them behind a load balancer.
What the Terraform plan does?
- Create VPC Network
- Add subnet to VPC
- Create a dedicated Service Account (Limited permissions)
- Add ServiceAccount Role to the created Service Account
- Assign the minimum required Scope to Service Account
- Reserve static internal and public IPv4 address
- Deploy Linux based Compute Engine Instance
- Create VPC firewall rules
Running the Terraform plan Make sure to adjust the Google Cloud project in the variables.tf file before deploying and change the "awesomename" placeholder to something Awesome ;)
Run the Terraform plan:
- terraform init
- terraform apply
Happy coding, VAMOS!