Hello, everyone.
This is Kikumura, currently leaning heavily on Google Cloud Platform (GCP).

Lately I have been writing Google Cloud Platform (GCP) infrastructure in Terraform and testing it, so that I can build it, tear it down, build it again and tear it down again as many times as I like. I normally rely on AWS CloudFormation and AWS CDK, but this week I'm giving off a "doing engineering with Terraform on GCP right now!" vibe lol.

What is Google Cloud Platform (GCP)? Can you eat it?

Until now the world built all kinds of information services by buying or renting physical PCs and storage, but with the arrival of cloud computing services you no longer need to buy physical equipment: you create a virtual private network space on the internet and use virtual computers, virtual storage and so on with zero upfront investment, paying only for what you use, subscription-style.

It goes by various names, such as cloud computing services, cloud native or public cloud, but the representative offerings are AWS from Amazon, Azure from Microsoft, and the one introduced in this article, Google Cloud Platform (GCP) from Google.

There are also Oracle Cloud, Alibaba Cloud, IBM Cloud and quite a few others lol.

Features of GCP

GCP has many features; among them, the following points attract attention.

1. Robust foundation:

Google operates data center infrastructure distributed around the world, providing high availability and durability. It can deliver highly reliable services even where data redundancy and security are critical.

2. Machine learning and artificial intelligence:

GCP offers tools and services specialized for machine learning (ML) and artificial intelligence (AI), supporting data-driven application development. Services such as TensorFlow and AI Platform simplify the development of ML projects.

3. Scalability and flexibility:

GCP provides the flexibility to scale resources such as compute, storage and databases on demand. This lets you keep costs optimized as your application grows.

4. Security:

GCP offers strong data security and privacy features and ensures advanced security, including DDoS protection and data encryption.

5. Ecosystem:

GCP has a rich ecosystem and gives developers and data engineers powerful tools through services such as Kubernetes, BigQuery and Cloud Functions.

For details on GCP and its services, see the official Google Cloud website.

Build GCP infrastructure with Terraform!

[Prerequisites]

  • You have already created a GCP account
  • A Google Cloud project has been created and can be selected
  • You have the permissions required to build the infrastructure resources (for a trial, administrator rights are fine)
  • The Compute Engine API is enabled

In this article we will implement the following configuration using Google Cloud Shell.

Figure: diagram of the configuration created with Terraform in this article

First, run the following command to create a directory and move into it.

$ mkdir tf-tutorial && cd tf-tutorial

I created one tf file for the network and one for the VM.
It is fine to put everything into a single file.
The directory structure looks like this.

※ Not covered in this article, but there are a great many techniques for working efficiently, such as modularization and variable files.

tf-tutorial
    |-- vm.tf
    `-- vpc.tf

The Terraform code for creating the VPC is written simply, as follows.

# =======================================================================
# Provider settings
# =======================================================================
provider "google" {
    project = "cobalt-upgrade-388102"
    # A region, not a zone: "asia-northeast1-a" is a zone and would not
    # match the subnetwork region used below.
    region  = "asia-northeast1"
}

# =======================================================================
# Create VPC_Network
# =======================================================================
resource "google_compute_network" "my-vpc" {
    name                    = "my-vpc"
    auto_create_subnetworks = false   # custom-mode VPC: subnets are declared explicitly
}


# =======================================================================
# Create VPC_Subnetwork
# =======================================================================
resource "google_compute_subnetwork" "subnet-1" {
    name          = "subnet-1"
    ip_cidr_range = "192.168.0.0/24"
    region        = "asia-northeast1"
    network       = google_compute_network.my-vpc.self_link
}

# =======================================================================
# Firewall rule for SSH
# =======================================================================
resource "google_compute_firewall" "ssh" {
    name    = "allow-ssh"
    network = google_compute_network.my-vpc.id
    allow {
        protocol = "tcp"
        ports    = ["22"]
    }
    direction     = "INGRESS"
    priority      = 1000
    source_ranges = ["0.0.0.0/0"]   # any source address may connect
    target_tags   = ["ssh"]         # applies to instances carrying the "ssh" network tag
}

# =======================================================================
# Firewall rule for ICMP
# =======================================================================
resource "google_compute_firewall" "icmp" {
    name    = "allow-icmp"
    network = google_compute_network.my-vpc.id
    allow {
        protocol = "icmp"
    }
    source_ranges = ["0.0.0.0/0"]
    target_tags   = ["ssh"]   # reuses the "ssh" tag, so the same instances answer ping
}

# =======================================================================
# Firewall rule for 443
# =======================================================================
resource "google_compute_firewall" "https" {
    name    = "allow-tcp"
    network = google_compute_network.my-vpc.id
    allow {
        protocol = "tcp"
        ports    = ["443"]
    }
    source_ranges = ["0.0.0.0/0"]
    target_tags   = ["tcp"]
}
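The three rules above accept SSH, ICMP and 443 from every source (0.0.0.0/0), which is convenient for a throwaway test. As an added example that is not part of the original post, here is a tightened version of the same rules that keeps the VPC, subnet and tag names from vpc.tf: SSH is only reachable from Google's published IAP TCP-forwarding range (35.235.240.0/20), ICMP is limited to the subnet's own address range, 443 stays public but is logged, and every rule has firewall logging switched on. The resource and rule names (ssh_from_iap, icmp_internal, https_public, the "icmp" tag) are this example's own choices.

```hcl
# Added example: hardened replacements for the three firewall rules in vpc.tf.
# Assumes google_compute_network.my-vpc and google_compute_subnetwork.subnet-1
# from the post exist in the same configuration.

locals {
  # Google's documented source range for IAP TCP forwarding. SSH through IAP
  # (gcloud compute ssh --tunnel-through-iap) reaches the VM from this range
  # only, so port 22 never has to be exposed to the whole internet.
  iap_forwarding_range = "35.235.240.0/20"
}

resource "google_compute_firewall" "ssh_from_iap" {
  name      = "allow-ssh-from-iap"
  network   = google_compute_network.my-vpc.id
  direction = "INGRESS"
  priority  = 1000

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  source_ranges = [local.iap_forwarding_range]
  target_tags   = ["ssh"]

  # Record every match, with connection metadata, in Cloud Logging.
  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }
}

# ICMP only from inside the subnet (ping between VMs), never from the internet.
resource "google_compute_firewall" "icmp_internal" {
  name      = "allow-icmp-internal"
  network   = google_compute_network.my-vpc.id
  direction = "INGRESS"

  allow {
    protocol = "icmp"
  }

  source_ranges = [google_compute_subnetwork.subnet-1.ip_cidr_range]
  target_tags   = ["icmp"]   # add this tag to instances that should answer ping

  log_config {
    metadata = "EXCLUDE_ALL_METADATA"
  }
}

# 443 is the service port, so it stays public, but only instances carrying
# the "tcp" tag receive it and matches are logged.
resource "google_compute_firewall" "https_public" {
  name      = "allow-https"
  network   = google_compute_network.my-vpc.id
  direction = "INGRESS"

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["tcp"]

  log_config {
    metadata = "EXCLUDE_ALL_METADATA"
  }
}
```

With these rules in place, an administrator connects with `gcloud compute ssh vm-1 --zone asia-northeast1-a --tunnel-through-iap` and needs the IAP-secured Tunnel User role (roles/iap.tunnelResourceAccessor) on the project. No explicit deny rule is required: a VPC network carries an implied deny-all ingress rule, so anything not matched by an allow rule is dropped.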

Next is the Terraform code for creating the virtual machine.

# =======================================================================
# Create a single Compute Engine instance vm-1
# =======================================================================
resource "google_compute_instance" "vm-1" {
    name         = "vm-1"
    machine_type = "e2-small"
    zone         = "asia-northeast1-a"
    tags         = ["ssh", "tcp"]   # network tags matched by the firewall rules' target_tags

    boot_disk {
        initialize_params {
            image = "ubuntu-os-cloud/ubuntu-2204-lts"
            size  = 30   # GB
        }
    }

    # ===================================================================
    # Create a Network_interface
    # ===================================================================
    network_interface {
        network    = google_compute_network.my-vpc.name
        subnetwork = google_compute_subnetwork.subnet-1.name
        access_config {
            // empty block: an ephemeral public IP is assigned automatically
        }
    }
}
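The instance above gets an ephemeral public IP, uses the project's default Compute Engine service account, and (as the later terraform destroy output shows with enable_secure_boot = false) boots without Secure Boot. As an added example that is not part of the original post, here is a hardened variant of vm.tf: no external IP (outbound traffic such as the curl test goes through Cloud NAT instead), Shielded VM with Secure Boot, OS Login instead of metadata SSH keys, and a dedicated service account with narrow scopes. It assumes my-vpc and subnet-1 from the post exist in the same configuration; the names vm-1-hardened, vm-1-sa, my-vpc-router and my-vpc-nat are this example's own choices.

```hcl
# Added example: hardened variant of the post's vm.tf. Assumes
# google_compute_network.my-vpc and google_compute_subnetwork.subnet-1 exist.

# Dedicated, least-privilege identity instead of the default Compute Engine
# service account. Grant it IAM roles as needed; scopes below only cover logs.
resource "google_service_account" "vm" {
  account_id   = "vm-1-sa"
  display_name = "Service account for vm-1"
}

resource "google_compute_instance" "vm-1-hardened" {
  name         = "vm-1-hardened"
  machine_type = "e2-small"
  zone         = "asia-northeast1-a"
  tags         = ["ssh", "tcp"]

  boot_disk {
    initialize_params {
      image = "ubuntu-os-cloud/ubuntu-2204-lts"
      size  = 30
    }
  }

  # No access_config block, so the instance gets no external IP. Outbound
  # traffic (apt, curl) leaves through the Cloud NAT defined below.
  network_interface {
    network    = google_compute_network.my-vpc.name
    subnetwork = google_compute_subnetwork.subnet-1.name
  }

  # Shielded VM: UEFI Secure Boot, vTPM and integrity monitoring.
  # The Ubuntu 22.04 LTS image supports all three.
  shielded_instance_config {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }

  # SSH identity comes from IAM via OS Login; project-wide metadata SSH keys
  # are ignored on this instance.
  metadata = {
    enable-oslogin         = "TRUE"
    block-project-ssh-keys = "TRUE"
  }

  service_account {
    email = google_service_account.vm.email
    # Only what the logging/monitoring agents need; everything else is denied.
    scopes = [
      "https://www.googleapis.com/auth/logging.write",
      "https://www.googleapis.com/auth/monitoring.write",
    ]
  }
}

# Cloud Router + Cloud NAT: outbound internet for the private instance
# without accepting any inbound connection.
resource "google_compute_router" "nat_router" {
  name    = "my-vpc-router"
  region  = google_compute_subnetwork.subnet-1.region
  network = google_compute_network.my-vpc.id
}

resource "google_compute_router_nat" "nat" {
  name                               = "my-vpc-nat"
  router                             = google_compute_router.nat_router.name
  region                             = google_compute_router.nat_router.region
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"

  log_config {
    enable = true
    filter = "ERRORS_ONLY"
  }
}
```

Because the instance has no public address, the browser SSH button in the console and a plain `gcloud compute ssh` both need an IAP tunnel (`--tunnel-through-iap`) plus a firewall rule that admits 35.235.240.0/20 on port 22; with that in place, the curl test from the post still succeeds via Cloud NAT.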

Once the code is written, run terraform init to add the required plugins and build the .terraform directory.

kikumura_twitter@cloudshell:~/tf-tutorial (cobalt-upgrade-388102)$ terraform init

Initializing the backend...

Initializing provider plugins...
- Finding latest version of hashicorp/google...
- Installing hashicorp/google v4.81.0...
- Installed hashicorp/google v4.81.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Next, verify that the Terraform code written so far describes a correct configuration.
The command for this is "terraform plan". The resources that will be built are printed out once more, so check them again and, if there are no problems, proceed with "yes".

terraform plan

Terraform used the selected providers to generate the following execution plan. Resource
actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # google_compute_firewall.https will be created
  + resource "google_compute_firewall" "https" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = "allow-tcp"
      + network            = "my-vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = [
          + "tcp",
        ]

      + allow {
          + ports    = [
              + "443",
            ]
          + protocol = "tcp"
        }
    }

  # google_compute_firewall.icmp will be created
  + resource "google_compute_firewall" "icmp" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = "allow-icmp"
      + network            = "my-vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = [
          + "ssh",
        ]

      + allow {
          + ports    = []
          + protocol = "icmp"
        }
    }

  # google_compute_firewall.ssh will be created
  + resource "google_compute_firewall" "ssh" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = "INGRESS"
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = "allow-ssh"
      + network            = "my-vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = [
          + "ssh",
        ]

      + allow {
          + ports    = [
              + "22",
            ]
          + protocol = "tcp"
        }
    }

  # google_compute_instance.vm-1 will be created
  + resource "google_compute_instance" "vm-1" {
      + can_ip_forward       = false
      + cpu_platform         = (known after apply)
      + current_status       = (known after apply)
      + deletion_protection  = false
      + guest_accelerator    = (known after apply)
      + id                   = (known after apply)
      + instance_id          = (known after apply)
      + label_fingerprint    = (known after apply)
      + machine_type         = "e2-small"
      + metadata_fingerprint = (known after apply)
      + min_cpu_platform     = (known after apply)
      + name                 = "vm-1"
      + project              = (known after apply)
      + self_link            = (known after apply)
      + tags                 = [
          + "ssh",
          + "tcp",
        ]
      + tags_fingerprint     = (known after apply)
      + zone                 = "asia-northeast1-a"

      + boot_disk {
          + auto_delete                = true
          + device_name                = (known after apply)
          + disk_encryption_key_sha256 = (known after apply)
          + kms_key_self_link          = (known after apply)
          + mode                       = "READ_WRITE"
          + source                     = (known after apply)

          + initialize_params {
              + image  = "ubuntu-os-cloud/ubuntu-2204-lts"
              + labels = (known after apply)
              + size   = 30
              + type   = (known after apply)
            }
        }

      + network_interface {
          + ipv6_access_type   = (known after apply)
          + name               = (known after apply)
          + network            = "my-vpc"
          + network_ip         = (known after apply)
          + stack_type         = (known after apply)
          + subnetwork         = (known after apply)
          + subnetwork_project = (known after apply)

          + access_config {
              + nat_ip       = (known after apply)
              + network_tier = (known after apply)
            }
        }
    }

  # google_compute_network.my-vpc will be created
  + resource "google_compute_network" "my-vpc" {
      + auto_create_subnetworks                   = false
      + delete_default_routes_on_create           = false
      + gateway_ipv4                              = (known after apply)
      + id                                        = (known after apply)
      + internal_ipv6_range                       = (known after apply)
      + mtu                                       = (known after apply)
      + name                                      = "my-vpc"
      + network_firewall_policy_enforcement_order = "AFTER_CLASSIC_FIREWALL"
      + project                                   = (known after apply)
      + routing_mode                              = (known after apply)
      + self_link                                 = (known after apply)
    }

  # google_compute_subnetwork.subnet-1 will be created
  + resource "google_compute_subnetwork" "subnet-1" {
      + creation_timestamp         = (known after apply)
      + external_ipv6_prefix       = (known after apply)
      + fingerprint                = (known after apply)
      + gateway_address            = (known after apply)
      + id                         = (known after apply)
      + ip_cidr_range              = "192.168.0.0/24"
      + ipv6_cidr_range            = (known after apply)
      + name                       = "subnet-1"
      + network                    = (known after apply)
      + private_ip_google_access   = (known after apply)
      + private_ipv6_google_access = (known after apply)
      + project                    = (known after apply)
      + purpose                    = (known after apply)
      + region                     = "asia-northeast1"
      + secondary_ip_range         = (known after apply)
      + self_link                  = (known after apply)
      + stack_type                 = (known after apply)
    }

Plan: 6 to add, 0 to change, 0 to destroy.

────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take
exactly these actions if you run "terraform apply" now.

If there are no problems, the list of resources to be created is printed as above.
Conversely, if something in the code is wrong, it prints "Error:" together with the file name and line number that need fixing.
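The "Error:" behaviour described above can be put to work deliberately: Terraform variable validation lets you encode a rule such as "SSH must never be open to 0.0.0.0/0", and terraform plan then stops with an error before any API call is made. The following is an added example, not from the original post; it assumes a variable named ssh_source_ranges and a firewall resource named ssh_restricted (both this example's own names) placed alongside the post's vpc.tf, with the post's my-vpc network present.

```hcl
# Added example: a plan-time guard rail for the SSH firewall rule.
# Assumes google_compute_network.my-vpc from the post exists.

variable "ssh_source_ranges" {
  description = "CIDR ranges allowed to reach TCP/22 on instances tagged \"ssh\"."
  type        = list(string)

  # terraform plan fails with "Error: Invalid value for variable" if the
  # list is empty or contains the whole internet.
  validation {
    condition     = length(var.ssh_source_ranges) > 0 && !contains(var.ssh_source_ranges, "0.0.0.0/0")
    error_message = "ssh_source_ranges must not be empty and must not contain 0.0.0.0/0; use an admin range or the IAP range 35.235.240.0/20."
  }

  # Every entry must parse as a CIDR; cidrhost() errors on anything else,
  # and can() turns that error into false.
  validation {
    condition     = alltrue([for r in var.ssh_source_ranges : can(cidrhost(r, 0))])
    error_message = "Every entry in ssh_source_ranges must be a valid CIDR such as 203.0.113.0/24."
  }
}

resource "google_compute_firewall" "ssh_restricted" {
  name      = "allow-ssh-restricted"
  network   = google_compute_network.my-vpc.id
  direction = "INGRESS"
  priority  = 1000

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  # The validated variable is the only way a source range reaches this rule.
  source_ranges = var.ssh_source_ranges
  target_tags   = ["ssh"]
}
```

Running `terraform plan -var='ssh_source_ranges=["0.0.0.0/0"]'` stops at the validation error, while `terraform plan -var='ssh_source_ranges=["203.0.113.0/24"]'` produces the usual resource listing. The "Note:" at the end of the plan output is also worth acting on: `terraform plan -out=tfplan` followed by `terraform apply tfplan` guarantees that exactly the reviewed actions are applied.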

If the resources shown are the ones you intended, run "terraform apply" to deploy.

kikumura_twitter@cloudshell:~/tf-tutorial (cobalt-upgrade-388102)$ terraform apply

Terraform used the selected providers to generate the following execution plan. Resource
actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # google_compute_firewall.https will be created
  + resource "google_compute_firewall" "https" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = "allow-tcp"
      + network            = "my-vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = [
          + "tcp",
        ]

      + allow {
          + ports    = [
              + "443",
            ]
          + protocol = "tcp"
        }
    }

  # google_compute_firewall.icmp will be created
  + resource "google_compute_firewall" "icmp" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = (known after apply)
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = "allow-icmp"
      + network            = "my-vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = [
          + "ssh",
        ]

      + allow {
          + ports    = []
          + protocol = "icmp"
        }
    }

  # google_compute_firewall.ssh will be created
  + resource "google_compute_firewall" "ssh" {
      + creation_timestamp = (known after apply)
      + destination_ranges = (known after apply)
      + direction          = "INGRESS"
      + enable_logging     = (known after apply)
      + id                 = (known after apply)
      + name               = "allow-ssh"
      + network            = "my-vpc"
      + priority           = 1000
      + project            = (known after apply)
      + self_link          = (known after apply)
      + source_ranges      = [
          + "0.0.0.0/0",
        ]
      + target_tags        = [
          + "ssh",
        ]

      + allow {
          + ports    = [
              + "22",
            ]
          + protocol = "tcp"
        }
    }

  # google_compute_instance.vm-1 will be created
  + resource "google_compute_instance" "vm-1" {
      + can_ip_forward       = false
      + cpu_platform         = (known after apply)
      + current_status       = (known after apply)
      + deletion_protection  = false
      + guest_accelerator    = (known after apply)
      + id                   = (known after apply)
      + instance_id          = (known after apply)
      + label_fingerprint    = (known after apply)
      + machine_type         = "e2-small"
      + metadata_fingerprint = (known after apply)
      + min_cpu_platform     = (known after apply)
      + name                 = "vm-1"
      + project              = (known after apply)
      + self_link            = (known after apply)
      + tags                 = [
          + "ssh",
          + "tcp",
        ]
      + tags_fingerprint     = (known after apply)
      + zone                 = "asia-northeast1-a"

      + boot_disk {
          + auto_delete                = true
          + device_name                = (known after apply)
          + disk_encryption_key_sha256 = (known after apply)
          + kms_key_self_link          = (known after apply)
          + mode                       = "READ_WRITE"
          + source                     = (known after apply)

          + initialize_params {
              + image  = "ubuntu-os-cloud/ubuntu-2204-lts"
              + labels = (known after apply)
              + size   = 30
              + type   = (known after apply)
            }
        }

      + network_interface {
          + ipv6_access_type   = (known after apply)
          + name               = (known after apply)
          + network            = "my-vpc"
          + network_ip         = (known after apply)
          + stack_type         = (known after apply)
          + subnetwork         = (known after apply)
          + subnetwork_project = (known after apply)

          + access_config {
              + nat_ip       = (known after apply)
              + network_tier = (known after apply)
            }
        }
    }

  # google_compute_network.my-vpc will be created
  + resource "google_compute_network" "my-vpc" {
      + auto_create_subnetworks                   = false
      + delete_default_routes_on_create           = false
      + gateway_ipv4                              = (known after apply)
      + id                                        = (known after apply)
      + internal_ipv6_range                       = (known after apply)
      + mtu                                       = (known after apply)
      + name                                      = "my-vpc"
      + network_firewall_policy_enforcement_order = "AFTER_CLASSIC_FIREWALL"
      + project                                   = (known after apply)
      + routing_mode                              = (known after apply)
      + self_link                                 = (known after apply)
    }

  # google_compute_subnetwork.subnet-1 will be created
  + resource "google_compute_subnetwork" "subnet-1" {
      + creation_timestamp         = (known after apply)
      + external_ipv6_prefix       = (known after apply)
      + fingerprint                = (known after apply)
      + gateway_address            = (known after apply)
      + id                         = (known after apply)
      + ip_cidr_range              = "192.168.0.0/24"
      + ipv6_cidr_range            = (known after apply)
      + name                       = "subnet-1"
      + network                    = (known after apply)
      + private_ip_google_access   = (known after apply)
      + private_ipv6_google_access = (known after apply)
      + project                    = (known after apply)
      + purpose                    = (known after apply)
      + region                     = "asia-northeast1"
      + secondary_ip_range         = (known after apply)
      + self_link                  = (known after apply)
      + stack_type                 = (known after apply)
    }

Plan: 6 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

google_compute_instance.vm-1: Creating...
google_compute_instance.vm-1: Still creating... [10s elapsed]
google_compute_instance.vm-1: Creation complete after 14s [id=projects/cobalt-upgrade-388102/zones/asia-northeast1-a/instances/vm-1]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

The deployment completed successfully.
Let's go to the console and check.

The infrastructure resources were created exactly as written in the code.
Now, while we're at it, let's SSH in from the console and see whether a curl to yahoo goes through.

Yep ( ´∀`) connectivity to the outside world works fine 👍

Finally, clean up the resources we created and we're done!

To wipe out the deployed resources, run the command "terraform destroy".

kikumura_twitter@cloudshell:~/tf-tutorial (cobalt-upgrade-388102)$ terraform destroy
google_compute_network.my-vpc: Refreshing state... [id=projects/cobalt-upgrade-388102/global/networks/my-vpc]
google_compute_firewall.ssh: Refreshing state... [id=projects/cobalt-upgrade-388102/global/firewalls/allow-ssh]
google_compute_subnetwork.subnet-1: Refreshing state... [id=projects/cobalt-upgrade-388102/regions/asia-northeast1/subnetworks/subnet-1]
google_compute_firewall.https: Refreshing state... [id=projects/cobalt-upgrade-388102/global/firewalls/allow-tcp]
google_compute_firewall.icmp: Refreshing state... [id=projects/cobalt-upgrade-388102/global/firewalls/allow-icmp]
google_compute_instance.vm-1: Refreshing state... [id=projects/cobalt-upgrade-388102/zones/asia-northeast1-a/instances/vm-1]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following
symbols:
  - destroy

Terraform will perform the following actions:

  # google_compute_firewall.https will be destroyed
  - resource "google_compute_firewall" "https" {
      - creation_timestamp      = "2023-09-11T09:00:06.340-07:00" -> null
      - destination_ranges      = [] -> null
      - direction               = "INGRESS" -> null
      - disabled                = false -> null
      - id                      = "projects/cobalt-upgrade-388102/global/firewalls/allow-tcp" -> null
      - name                    = "allow-tcp" -> null
      - network                 = "https://www.googleapis.com/compute/v1/projects/cobalt-upgrade-388102/global/networks/my-vpc" -> null
      - priority                = 1000 -> null
      - project                 = "cobalt-upgrade-388102" -> null
      - self_link               = "https://www.googleapis.com/compute/v1/projects/cobalt-upgrade-388102/global/firewalls/allow-tcp" -> null
      - source_ranges           = [
          - "0.0.0.0/0",
        ] -> null
      - source_service_accounts = [] -> null
      - source_tags             = [] -> null
      - target_service_accounts = [] -> null
      - target_tags             = [
          - "tcp",
        ] -> null

      - allow {
          - ports    = [
              - "443",
            ] -> null
          - protocol = "tcp" -> null
        }
    }

  # google_compute_firewall.icmp will be destroyed
  - resource "google_compute_firewall" "icmp" {
      - creation_timestamp      = "2023-09-11T09:00:06.260-07:00" -> null
      - destination_ranges      = [] -> null
      - direction               = "INGRESS" -> null
      - disabled                = false -> null
      - id                      = "projects/cobalt-upgrade-388102/global/firewalls/allow-icmp" -> null
      - name                    = "allow-icmp" -> null
      - network                 = "https://www.googleapis.com/compute/v1/projects/cobalt-upgrade-388102/global/networks/my-vpc" -> null
      - priority                = 1000 -> null
      - project                 = "cobalt-upgrade-388102" -> null
      - self_link               = "https://www.googleapis.com/compute/v1/projects/cobalt-upgrade-388102/global/firewalls/allow-icmp" -> null
      - source_ranges           = [
          - "0.0.0.0/0",
        ] -> null
      - source_service_accounts = [] -> null
      - source_tags             = [] -> null
      - target_service_accounts = [] -> null
      - target_tags             = [
          - "ssh",
        ] -> null

      - allow {
          - ports    = [] -> null
          - protocol = "icmp" -> null
        }
    }

  # google_compute_firewall.ssh will be destroyed
  - resource "google_compute_firewall" "ssh" {
      - creation_timestamp      = "2023-09-11T09:00:05.881-07:00" -> null
      - destination_ranges      = [] -> null
      - direction               = "INGRESS" -> null
      - disabled                = false -> null
      - id                      = "projects/cobalt-upgrade-388102/global/firewalls/allow-ssh" -> null
      - name                    = "allow-ssh" -> null
      - network                 = "https://www.googleapis.com/compute/v1/projects/cobalt-upgrade-388102/global/networks/my-vpc" -> null
      - priority                = 1000 -> null
      - project                 = "cobalt-upgrade-388102" -> null
      - self_link               = "https://www.googleapis.com/compute/v1/projects/cobalt-upgrade-388102/global/firewalls/allow-ssh" -> null
      - source_ranges           = [
          - "0.0.0.0/0",
        ] -> null
      - source_service_accounts = [] -> null
      - source_tags             = [] -> null
      - target_service_accounts = [] -> null
      - target_tags             = [
          - "ssh",
        ] -> null

      - allow {
          - ports    = [
              - "22",
            ] -> null
          - protocol = "tcp" -> null
        }
    }

  # google_compute_instance.vm-1 will be destroyed
  - resource "google_compute_instance" "vm-1" {
      - can_ip_forward       = false -> null
      - cpu_platform         = "Intel Broadwell" -> null
      - current_status       = "RUNNING" -> null
      - deletion_protection  = false -> null
      - enable_display       = false -> null
      - guest_accelerator    = [] -> null
      - id                   = "projects/cobalt-upgrade-388102/zones/asia-northeast1-a/instances/vm-1" -> null
      - instance_id          = "5503443638770893376" -> null
      - label_fingerprint    = "42WmSpB8rSM=" -> null
      - labels               = {} -> null
      - machine_type         = "e2-small" -> null
      - metadata             = {
          - "ssh-keys" = <<-EOT
                kikumura_twitter:ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAaQyySB6WKW6x5UgvZMNireqHsF8DY02iY+h2I0fwaCvJmaoOVdCuZPVfkusoPnHOpwRq0m+ksibUnAN+zr9Ag= google-ssh {"userName":"kikumura.twitter@gmail.com","expireOn":"2023-09-11T16:20:37+0000"}
                kikumura_twitter:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiLjXRWH4ptxzjJJp25Ugf42gUrVepR9iWG3sAFVLJWTPV//Ht3XEtQtbzGMy9Y4djsbP/HaEa2WE+Ed+hL+deUmpB3rnhviR2b2dU8AH6LDxgjDxx95q9bRLye/ahLLNxgS2s/ektmzVjQOkDWNL5oydu5RvPPGxa7ZX38irzybzUBEh3108Dbprr2+/Wf3EKDjmm4QywFfxssiDnTUlYvShbqhvVyuOFPeo8rTWh8V/UNXAj9o3MrGhdyMklgr7J8US1vTzr77pZQc0HgWpU2ZdhbpIRBpuqXLlsVLqIrDthvK4FEPkvgo3lUSh7QdpLpYhGZ7JjCkYg+iu9RaIz google-ssh {"userName":"kikumura.twitter@gmail.com","expireOn":"2023-09-11T16:20:52+0000"}
            EOT
        } -> null
      - metadata_fingerprint = "VzAfn37uq_s=" -> null
      - name                 = "vm-1" -> null
      - project              = "cobalt-upgrade-388102" -> null
      - resource_policies    = [] -> null
      - self_link            = "https://www.googleapis.com/compute/v1/projects/cobalt-upgrade-388102/zones/asia-northeast1-a/instances/vm-1" -> null
      - tags                 = [
          - "ssh",
          - "tcp",
        ] -> null
      - tags_fingerprint     = "JvCEbN2VGFM=" -> null
      - zone                 = "asia-northeast1-a" -> null

      - boot_disk {
          - auto_delete = true -> null
          - device_name = "persistent-disk-0" -> null
          - mode        = "READ_WRITE" -> null
          - source      = "https://www.googleapis.com/compute/v1/projects/cobalt-upgrade-388102/zones/asia-northeast1-a/disks/vm-1" -> null

          - initialize_params {
              - image                 = "https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/ubuntu-2204-jammy-v20230908" -> null
              - labels                = {} -> null
              - resource_manager_tags = {} -> null
              - size                  = 30 -> null
              - type                  = "pd-standard" -> null
            }
        }

      - network_interface {
          - name               = "nic0" -> null
          - network            = "https://www.googleapis.com/compute/v1/projects/cobalt-upgrade-388102/global/networks/my-vpc" -> null
          - network_ip         = "192.168.0.2" -> null
          - queue_count        = 0 -> null
          - stack_type         = "IPV4_ONLY" -> null
          - subnetwork         = "https://www.googleapis.com/compute/v1/projects/cobalt-upgrade-388102/regions/asia-northeast1/subnetworks/subnet-1" -> null
          - subnetwork_project = "cobalt-upgrade-388102" -> null

          - access_config {
              - nat_ip       = "35.243.103.36" -> null
              - network_tier = "PREMIUM" -> null
            }
        }

      - scheduling {
          - automatic_restart   = true -> null
          - min_node_cpus       = 0 -> null
          - on_host_maintenance = "MIGRATE" -> null
          - preemptible         = false -> null
          - provisioning_model  = "STANDARD" -> null
        }

      - shielded_instance_config {
          - enable_integrity_monitoring = true -> null
          - enable_secure_boot          = false -> null
          - enable_vtpm                 = true -> null
        }
    }

  # google_compute_network.my-vpc will be destroyed
  - resource "google_compute_network" "my-vpc" {
      - auto_create_subnetworks                   = false -> null
      - delete_default_routes_on_create           = false -> null
      - enable_ula_internal_ipv6                  = false -> null
      - id                                        = "projects/cobalt-upgrade-388102/global/networks/my-vpc" -> null
      - mtu                                       = 0 -> null
      - name                                      = "my-vpc" -> null
      - network_firewall_policy_enforcement_order = "AFTER_CLASSIC_FIREWALL" -> null
      - project                                   = "cobalt-upgrade-388102" -> null
      - routing_mode                              = "REGIONAL" -> null
      - self_link                                 = "https://www.googleapis.com/compute/v1/projects/cobalt-upgrade-388102/global/networks/my-vpc" -> null
    }

  # google_compute_subnetwork.subnet-1 will be destroyed
  - resource "google_compute_subnetwork" "subnet-1" {
      - creation_timestamp         = "2023-09-11T09:00:09.902-07:00" -> null
      - gateway_address            = "192.168.0.1" -> null
      - id                         = "projects/cobalt-upgrade-388102/regions/asia-northeast1/subnetworks/subnet-1" -> null
      - ip_cidr_range              = "192.168.0.0/24" -> null
      - name                       = "subnet-1" -> null
      - network                    = "https://www.googleapis.com/compute/v1/projects/cobalt-upgrade-388102/global/networks/my-vpc" -> null
      - private_ip_google_access   = false -> null
      - private_ipv6_google_access = "DISABLE_GOOGLE_ACCESS" -> null
      - project                    = "cobalt-upgrade-388102" -> null
      - purpose                    = "PRIVATE" -> null
      - region                     = "asia-northeast1" -> null
      - secondary_ip_range         = [] -> null
      - self_link                  = "https://www.googleapis.com/compute/v1/projects/cobalt-upgrade-388102/regions/asia-northeast1/subnetworks/subnet-1" -> null
      - stack_type                 = "IPV4_ONLY" -> null
    }

Plan: 0 to add, 0 to change, 6 to destroy.

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

google_compute_firewall.icmp: Destroying... [id=projects/cobalt-upgrade-388102/global/firewalls/allow-icmp]
google_compute_firewall.ssh: Destroying... [id=projects/cobalt-upgrade-388102/global/firewalls/allow-ssh]
google_compute_firewall.https: Destroying... [id=projects/cobalt-upgrade-388102/global/firewalls/allow-tcp]
google_compute_instance.vm-1: Destroying... [id=projects/cobalt-upgrade-388102/zones/asia-northeast1-a/instances/vm-1]
google_compute_firewall.icmp: Still destroying... [id=projects/cobalt-upgrade-388102/global/firewalls/allow-icmp, 10s elapsed]
google_compute_firewall.ssh: Still destroying... [id=projects/cobalt-upgrade-388102/global/firewalls/allow-ssh, 10s elapsed]
google_compute_firewall.https: Still destroying... [id=projects/cobalt-upgrade-388102/global/firewalls/allow-tcp, 10s elapsed]
google_compute_instance.vm-1: Still destroying... [id=projects/cobalt-upgrade-388102/zones/asia-northeast1-a/instances/vm-1, 10s elapsed]
google_compute_firewall.https: Destruction complete after 12s
google_compute_firewall.ssh: Destruction complete after 12s
google_compute_firewall.icmp: Destruction complete after 12s
google_compute_instance.vm-1: Still destroying... [id=projects/cobalt-upgrade-388102/zones/asia-northeast1-a/instances/vm-1, 20s elapsed]
google_compute_instance.vm-1: Still destroying... [id=projects/cobalt-upgrade-388102/zones/asia-northeast1-a/instances/vm-1, 30s elapsed]
google_compute_instance.vm-1: Still destroying... [id=projects/cobalt-upgrade-388102/zones/asia-northeast1-a/instances/vm-1, 40s elapsed]
google_compute_instance.vm-1: Still destroying... [id=projects/cobalt-upgrade-388102/zones/asia-northeast1-a/instances/vm-1, 50s elapsed]
google_compute_instance.vm-1: Destruction complete after 52s
google_compute_subnetwork.subnet-1: Destroying... [id=projects/cobalt-upgrade-388102/regions/asia-northeast1/subnetworks/subnet-1]
google_compute_subnetwork.subnet-1: Still destroying... [id=projects/cobalt-upgrade-388102/regions/asia-northeast1/subnetworks/subnet-1, 10s elapsed]
google_compute_subnetwork.subnet-1: Still destroying... [id=projects/cobalt-upgrade-388102/regions/asia-northeast1/subnetworks/subnet-1, 20s elapsed]
google_compute_subnetwork.subnet-1: Destruction complete after 22s
google_compute_network.my-vpc: Destroying... [id=projects/cobalt-upgrade-388102/global/networks/my-vpc]
google_compute_network.my-vpc: Still destroying... [id=projects/cobalt-upgrade-388102/global/networks/my-vpc, 10s elapsed]
google_compute_network.my-vpc: Still destroying... [id=projects/cobalt-upgrade-388102/global/networks/my-vpc, 20s elapsed]
google_compute_network.my-vpc: Destruction complete after 22s

Destroy complete! Resources: 6 destroyed.

With that, all the deployed resources have been deleted ੧(❛□❛✿)

In closing

I'm originally an infrastructure engineer who built clouds like AWS and Oracle Cloud from the management console while writing up procedure documents, but once I got used to creating resources from infrastructure code such as CloudFormation, CDK and Terraform, I found myself writing code rather than clicking through the console. Honestly, until I got used to it I just couldn't stomach infrastructure as code, but that was prejudice without ever having tried it.

Building by hand causes mistakes; building by hand and deleting by hand leads to things you forgot to create or forgot to delete, and above all it's tedious. Once it's written as code, one deploy command builds the environment; nothing is easier. There are things you have to learn, like directory layout and modules, but it's fun lol.

I can't go back to building cloud infrastructure by hand anymore (though for things like IAM or pressing an enable button that can be done in a flash for a test, I'll still do it by hand).

Why not take this opportunity to try Terraform on GCP yourselves? ( ・∇・)

Thank you for reading.

Posted by izumi kikumura
