Infrastructure automation and CI/CD on Google Cloud Platform using Terraform Cloud and GitHub

This is a step-by-step guide to infrastructure automation and CI/CD on Google Cloud using Terraform Cloud, with GitHub as the Version Control System.

Anirban Chakraborty
Google Cloud - Community
Feb 13, 2023

Terraform Cloud is a SaaS platform that provides a centralized place to manage, version, and collaborate on Terraform configurations, making it easier to automate infrastructure on cloud platforms like AWS, GCP, and Azure. An end-to-end DevOps pipeline for IaC can be set up using GitHub for VCS and Terraform Cloud for the CI/CD pipeline, with the Terraform state file managed in Terraform Cloud.

The demo can be implemented with a free Terraform Cloud account and the Google Cloud free tier. GitHub is free for individuals anyway :-)

#1 Steps in Google Cloud Platform

  1. Create a demo project in GCP
  2. Create a Service Account in IAM and assign it the role roles/storage.admin, since we will be creating a sample bucket using Terraform. Then download the Service Account key, which Terraform Cloud will use to authenticate with GCP.

#2 Steps in GitHub

  1. Fork a repository in GitHub from my GitHub
  2. Change the project name in the following two Terraform files: providers.tf and main.tf

```hcl
## providers.tf — mentions the Terraform Provider version and configurations

terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "4.52.0"
    }
  }
}

provider "google" {
  project = "tf-gcp-demo-377217"
  region  = "us-central1"
  zone    = "us-central1-c"
}
```

```hcl
## main.tf — creates a bucket, with the GCP project name as a prefix for uniqueness, and a sample object lifecycle policy

## the bucket name is prefixed with the GCP project name, which is unique
resource "google_storage_bucket" "auto-expire" {
  name     = "tf-gcp-demo-377217-bucket"
  location = "US"
  # force_destroy lets the bucket be destroyed even if it still contains objects
  force_destroy = true

  # delete objects older than 5 days
  lifecycle_rule {
    condition {
      age = 5
    }
    action {
      type = "Delete"
    }
  }

  # abort multipart uploads left incomplete for more than 1 day
  lifecycle_rule {
    condition {
      age = 1
    }
    action {
      type = "AbortIncompleteMultipartUpload"
    }
  }
}
```

#3 Steps in Terraform Cloud

  1. Set up a free Terraform Cloud account. You can also use your GitHub account to log in.
  2. Create a new workspace with the version control workflow and connect it to GitHub as the VCS.
  3. Configure an Environment Variable holding the Service Account key and mark it Sensitive, so that Terraform Cloud can connect to the Google Cloud project using the Service Account. Remember to remove new lines from the Key JSON file.
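
One way to do the newline removal in step 3 without damaging the key, as an added example that is not from the original post: it validates the downloaded key file, re-serialises it as one line, and checks that the private key is unchanged. The sample key is constructed and is not a real credential, and the function names are hypothetical.

```python
import json

# Fields found in every Google service-account key file.
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")


def flatten_sa_key(key_text: str) -> str:
    """Validate a service-account key and return it as single-line JSON."""
    key = json.loads(key_text)
    if not isinstance(key, dict) or key.get("type") != "service_account":
        raise ValueError("not a service-account key file")
    missing = [f for f in REQUIRED if not key.get(f)]
    if missing:
        raise ValueError("key file is missing: " + ", ".join(missing))
    # json.dumps writes the PEM line breaks as \n escapes, so the output has
    # no raw newline while the private key itself is left unchanged.
    one_line = json.dumps(key, separators=(",", ":"))
    if "\n" in one_line or json.loads(one_line) != key:
        raise ValueError("flattening altered the key")
    return one_line


def summary(one_line: str) -> dict:
    """Non-secret fields only, safe to print when checking which key was used."""
    key = json.loads(one_line)
    return {f: key[f] for f in ("project_id", "client_email", "private_key_id")}


# Constructed sample key (not a real credential), pretty-printed as downloaded.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "tf-gcp-demo-377217",
    "private_key_id": "0000000000000000000000000000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\n"
                   "CONSTRUCTED+NOT+A+REAL+KEY\n"
                   "-----END PRIVATE KEY-----\n",
    "client_email": "terraform-demo@tf-gcp-demo-377217.iam.gserviceaccount.com",
}, indent=2)

if __name__ == "__main__":
    flat = flatten_sa_key(SAMPLE_KEY)
    # Paste `flat` into the Sensitive variable; print only the summary.
    print(summary(flat))
```

Deleting the `\n` escape sequences inside `private_key` by hand, rather than only the line breaks between JSON fields, produces a key that no longer parses as PEM.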

#4 Test the CI/CD from Terraform Cloud and GitHub

  1. Commit and push a change to the GitHub repository, which will trigger a pipeline for the plan stage in Terraform Cloud.
  2. Review the plan and manually apply it to Google Cloud. A bucket should be created in the project.
  3. Amend main.tf to change the lifecycle rule, then commit and push to trigger the CI/CD pipeline in Terraform Cloud.

The image below shows how Terraform Cloud manages the state across three triggers: one from the Terraform Cloud UI, one from the GitHub repository for a bucket lifecycle change, and finally a destroy.

Terraform State File in the Terraform Cloud with three triggers

Refer to the below demo for a detailed step-by-step approach to create the DevOps pipeline using GitHub and Terraform Cloud for infrastructure automation on Google Cloud Platform.
