guillermo-musumeci · amit-tewari · Jun 20, 2023
diff --git a/network-firewall.tf b/network-firewall.tf
@@ -2,30 +2,33 @@
 
 # Allow http
 resource "google_compute_firewall" "allow-http" {
-  name    = "${var.app_name}-${var.app_environment}-fw-allow-http"
-  network = "${google_compute_network.vpc.name}"
+  name          = "${var.app_name}-${var.app_environment}-fw-allow-http"
+  network       = google_compute_network.vpc.name
+  source_ranges = var.source_ranges
   allow {
     protocol = "tcp"
     ports    = ["80"]
   }
-  target_tags = ["http"] 
+  target_tags = ["http"]
 }
 
 # allow https
 resource "google_compute_firewall" "allow-https" {
-  name    = "${var.app_name}-${var.app_environment}-fw-allow-https"
-  network = "${google_compute_network.vpc.name}"
+  name          = "${var.app_name}-${var.app_environment}-fw-allow-https"
+  network       = google_compute_network.vpc.name
+  source_ranges = var.source_ranges
   allow {
     protocol = "tcp"
     ports    = ["443"]
   }
-  target_tags = ["https"] 
+  target_tags = ["https"]
 }
 
 # allow ssh
 resource "google_compute_firewall" "allow-ssh" {
-  name    = "${var.app_name}-${var.app_environment}-fw-allow-ssh"
-  network = "${google_compute_network.vpc.name}"
+  name          = "${var.app_name}-${var.app_environment}-fw-allow-ssh"
+  network       = google_compute_network.vpc.name
+  source_ranges = var.source_ranges
   allow {
     protocol = "tcp"
     ports    = ["22"]
@@ -35,8 +38,9 @@ resource "google_compute_firewall" "allow-ssh" {
 
 # allow rdp
 resource "google_compute_firewall" "allow-rdp" {
-  name    = "${var.app_name}-${var.app_environment}-fw-allow-rdp"
-  network = "${google_compute_network.vpc.name}"
+  name          = "${var.app_name}-${var.app_environment}-fw-allow-rdp"
+  network       = google_compute_network.vpc.name
+  source_ranges = var.source_ranges
   allow {
     protocol = "tcp"
     ports    = ["3389"]

diff --git a/network-variables.tf b/network-variables.tf
@@ -2,19 +2,19 @@
 
 # define GCP region
 variable "gcp_region_1" {
-  type = string
+  type        = string
   description = "GCP region"
 }
 
 # define GCP zone
 variable "gcp_zone_1" {
-  type = string
+  type        = string
   description = "GCP zone"
 }
 
 # define Public subnet
 variable "public_subnet_cidr_1" {
-  type = string
+  type        = string
   description = "Public subnet CIDR 1"
 }
 
diff --git a/network.tf b/network.tf
@@ -5,6 +5,7 @@ resource "google_compute_network" "vpc" {
   name                    = "${var.app_name}-${var.app_environment}-vpc"
   auto_create_subnetworks = "false"
   routing_mode            = "GLOBAL"
+  project                 = var.app_project
 }
 
 # create public subnet
@@ -18,7 +19,7 @@ resource "google_compute_subnetwork" "public_subnet_1" {
 # allow internal icmp (disable for better security)
 resource "google_compute_firewall" "allow-internal" {
   name    = "${var.app_name}-${var.app_environment}-fw-allow-internal"
-  network = "${google_compute_network.vpc.name}"
+  network = google_compute_network.vpc.name
   allow {
     protocol = "icmp"
   }

diff --git a/provider.tf b/provider.tf
@@ -6,7 +6,7 @@ terraform {
 
 provider "google" {
   project = var.app_project
-  credentials = file(var.gcp_auth_file)
-  region  = var.gcp_region_1
-  zone    = var.gcp_zone_1
+  #credentials = file(var.gcp_auth_file)
+  region = var.gcp_region_1
+  zone   = var.gcp_zone_1
 }
diff --git a/terraform.tfvars b/terraform.tfvars
@@ -1,6 +1,6 @@
 # Application Definition 
 app_name        = "kopicloud" #do NOT enter any spaces
-app_environment = "test" # Dev, Test, Prod, etc
+app_environment = "test"      # Dev, Test, Prod, etc
 app_domain      = "kopicloud.com"
 app_project     = "kopicloud"
 
@@ -10,4 +10,5 @@ gcp_zone_1    = "europe-west1-b"
 gcp_auth_file = "../auth/kopicloud-tfadmin.json"
 
 # GCP Netwok
-public_subnet_cidr_1  = "10.10.1.0/24"
+public_subnet_cidr_1 = "10.10.1.0/24"
+source_ranges        = ["0.0.0.0/0"]
diff --git a/variables-auth.tf b/variables-auth.tf
@@ -2,30 +2,38 @@
 
 # GCP authentication file
 variable "gcp_auth_file" {
-  type = string
+  type        = string
   description = "GCP authentication file"
 }
 
 # define GCP project name
 variable "app_project" {
-  type = string
+  type        = string
   description = "GCP project name"
 }
 
 # define application name
 variable "app_name" {
-  type = string
+  type        = string
   description = "Application name"
 }
 
 # define application domain
 variable "app_domain" {
-  type = string
+  type        = string
   description = "Application domain"
 }
 
 # define application environment
 variable "app_environment" {
-  type = string
+  type        = string
   description = "Application environment"
 }
+
+variable "source_ranges" {
+  type = list(string)
+}
+variable "image" {
+  type    = string
+  default = "debian-12-bookworm-v20230609"
+}
diff --git a/vm-output.tf b/vm-output.tf
@@ -11,3 +11,10 @@ output "vm-external-ip" {
 output "vm-internal-ip" {
   value = google_compute_instance.vm_instance_public.network_interface.0.network_ip
 }
+output "z_gcloud-compute-ssh-command" {
+  value = <<EOF
+
+Connect to the VM using following command:
+gcloud compute ssh --zone '${google_compute_instance.vm_instance_public.zone}' '${google_compute_instance.vm_instance_public.name}' --project '${google_compute_instance.vm_instance_public.project}'
+EOF
+}
diff --git a/vm.tf b/vm.tf
@@ -2,7 +2,7 @@
 
 # Terraform plugin for creating random ids
 resource "random_id" "instance_id" {
- byte_length = 4
+  byte_length = 4
 }
 
 # Create VM #1
@@ -11,19 +11,19 @@ resource "google_compute_instance" "vm_instance_public" {
   machine_type = "f1-micro"
   zone         = var.gcp_zone_1
   hostname     = "${var.app_name}-vm-${random_id.instance_id.hex}.${var.app_domain}"
-  tags         = ["ssh","http"]
+  tags         = ["ssh", "http"]
 
   boot_disk {
     initialize_params {
-      image = "ubuntu-os-cloud/ubuntu-1804-lts"
+      image = var.image
     }
   }
 
   metadata_startup_script = "sudo apt-get update; sudo apt-get install -yq build-essential apache2"
 
   network_interface {
-    network       = google_compute_network.vpc.name
-    subnetwork    = google_compute_subnetwork.public_subnet_1.name
-    access_config { }
+    network    = google_compute_network.vpc.name
+    subnetwork = google_compute_subnetwork.public_subnet_1.name
+    access_config {}
   }
-} 
+}