
Terraforming GCP Part 1: Creating an Admin Project

Level: Intermediate-Advanced

GCP (Google Cloud Platform) organizes all your GCP resources into projects. Projects form the basis for creating, enabling, and using all Cloud Platform resources. A common pattern is to create one project for production and another for staging.

When managing your infrastructure through automation, such as GCloud SDK, Ansible, or Terraform, you would normally create cloud resources using a service account from an existing project. Alternatively, you may want to keep the resources that are needed for managing a project separate from the actual projects you create. You can do this by creating an Administration Project.

Below is how you can use the Admin project pattern with Terraform.

Before we begin, you need a Google account that is associated with an organization (the root node in the GCP resource hierarchy) and administrative rights to this organization. The common Gmail account does NOT have this access. You can create an organization through G-Suite, which costs money, or for free with a Cloud Identity.

Before creating either one of these, you need to own a domain name. During the process of creating a Cloud Identity, Google can verify domain ownership through a variety of online domain registrars, such as GoDaddy.

Assuming you have a domain set up with G-Suite or Cloud Identity so that you can use an organization, you can begin by creating an Admin project and linking it to a billing account.

Now that we have a linked project, we have a few chores below:

  • Create a service account and download the service account credentials
  • Grant permissions to manage projects and the GCS bucket (which will be used later to store Terraform state)
  • Grant permissions to the service account (requires an organization) associated with the Admin project
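
The chores above, sketched as a gcloud script; this is an added example, not the article's own commands. The project ID, organization ID, billing account, key path and the four role names are assumptions (the article does not list them), and the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/usr/bin/env bash
# Added example: the Admin project chores as gcloud calls (dry run by default).
# IDs, paths and role names are placeholders/assumptions, not from the article.
TF_ADMIN="${TF_ADMIN:-example-terraform-admin}"              # Admin project ID
ORG_ID="${ORG_ID:-000000000000}"                             # organization ID
BILLING_ACCOUNT="${BILLING_ACCOUNT:-000000-AAAAAA-000000}"   # billing account ID
TF_CREDS="${TF_CREDS:-$HOME/.config/gcloud/$TF_ADMIN.json}"  # key file location
SA_NAME="terraform"
DRY_RUN="${DRY_RUN:-1}"

# Print the command when DRY_RUN=1, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

sa_email() { printf '%s@%s.iam.gserviceaccount.com' "$SA_NAME" "$TF_ADMIN"; }

# Create the Admin project under the organization and link billing.
create_admin_project() {
  run gcloud projects create "$TF_ADMIN" --organization "$ORG_ID" --set-as-default
  run gcloud billing projects link "$TF_ADMIN" --billing-account "$BILLING_ACCOUNT"
}

# Create the service account and download its key.
create_service_account() {
  run gcloud iam service-accounts create "$SA_NAME" --project "$TF_ADMIN" \
    --display-name "Terraform admin account"
  # The key is a long-lived credential: write it under a restrictive umask
  # and keep the file out of version control.
  ( umask 077
    run gcloud iam service-accounts keys create "$TF_CREDS" --iam-account "$(sa_email)" )
}

# Bind roles to the service account only, on the project and on the organization.
grant_permissions() {
  member="serviceAccount:$(sa_email)"
  for role in roles/viewer roles/storage.admin; do          # project + GCS state bucket
    run gcloud projects add-iam-policy-binding "$TF_ADMIN" --member "$member" --role "$role"
  done
  for role in roles/resourcemanager.projectCreator roles/billing.user; do  # org level
    run gcloud organizations add-iam-policy-binding "$ORG_ID" --member "$member" --role "$role"
  done
}

bootstrap_admin_project() {
  create_admin_project && create_service_account && grant_permissions
}

bootstrap_admin_project
```

Run it as is to review the eight commands, then export real IDs and rerun with `DRY_RUN=0` to apply them.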

For small teams, the Terraform state can be encrypted with git-crypt or another tool, and then saved into the git repository in encrypted format.

Alternatively, the state can be stored in a GCS bucket.

In this article I focused on the prerequisite concepts and the initial setup of GCP credentials using an Admin project pattern. I will follow up with initializing your Terraform environment using these credentials, and then creating some resources using Terraform.

This story is directly based on the tutorial Managing GCP Project with Terraform by Dan Isla on June 18, 2017.

Written by

Linux NinjaPants Automation Engineering Mutant — exploring DevOps, Kubernetes, CNI, IAC
