Terraform Remote Exec on Google Compute Engine VM Instance

Sayed Imran
Google Cloud - Community
4 min read · Feb 24, 2023

In this article I’ve demonstrated a simple, straightforward way to remotely execute scripts on a Linux-based VM Instance on Google Compute Engine via Terraform.

There may be a use case where we provision VM Instances on the cloud and want to configure some software or application right after the resource is launched.

Although Terraform is not a configuration management tool, it offers a feature that meets this requirement: the remote-exec provisioner, which can remotely execute scripts on the launched instance(s).

By default, Google Compute Engine doesn’t have a key-pair feature like Amazon EC2, where the public key is stored in the instance and the user downloads the private SSH key to access it. Instead, the user can access the instance directly from the in-browser SSH.

Compute Engine does, however, let us provide our own public SSH key, which is stored in the VM Instance; with the corresponding private key we can then SSH into the instance.

SSH Key format

The public SSH key has to be in one of the two formats below:

<protocol> <key-blob> <username@example.com>

OR

<protocol> <key-blob> google-ssh {"userName":"<username@example.com>","expireOn":"<date>"}

The username@example.com is the email ID associated with the Google Cloud Account being used to launch the Instance.

Generating SSH keys

To generate SSH keys in the above format the following command can be used:

ssh-keygen -t rsa -f ./KEY_FILENAME -C USERNAME -b 2048

The above command will generate an SSH key pair (public and private) in the current folder, with the provided username, of size 2048 bytes.

Arguments to be provided:

  • KEY_FILENAME: The name of the private key file that will be used to SSH into the Instance.
  • USERNAME: The email address associated with the Google Cloud Account that will be used to launch the resources.

Sample:

Screenshot of generating the SSH keys

When the command prompts for a passphrase, just press Enter and move forward.

The above command resulted in generation of two key files: gcp-key (private-key) & gcp-key.pub (public-key).

Terraform Script

I’ve used the following Terraform Script to provision a VM Instance and firewall policy to allow HTTP and SSH traffic from anywhere, which is used by the VM Instance.


GitHub Repo Folder link for the same: Terraform-Scripts.

For this demonstration I’ve used the script in the gcp-remote-exec folder of the GitHub repo.

If you go to the provisioner "remote-exec" block in the script, you will see the commands that run after the Instance is launched. I’ve used a small script, just for demonstration purposes.

The above script will install nginx web-server on the instance after it is launched.

NOTE: In this script, I’ve also used a local-exec provisioner, just to open a browser at the public IP of the launched Instance so as to see the nginx default page.
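The pieces described above (public key in instance metadata, an SSH connection using the private key, and remote-exec installing nginx) put together as an added example; this is not the script from the article's repository. All resource names, the zone, machine type, image, and the two variables are assumptions, and unlike the article's firewall it covers only port 22 and limits it to one source range; the local-exec step is left out.

```hcl
# Added example: every name and value here is an assumption, not the article's script.
variable "ssh_user" { type = string }      # login name written into the ssh-keys metadata
variable "operator_cidr" { type = string } # range allowed to reach port 22, e.g. your IP as a /32

resource "google_compute_firewall" "ssh" {
  name          = "demo-allow-ssh"
  network       = "default"
  target_tags   = ["demo-nginx"]
  source_ranges = [var.operator_cidr] # narrower than an allow-from-anywhere rule
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}

resource "google_compute_instance" "web" {
  name         = "demo-nginx"
  machine_type = "e2-micro"
  zone         = "us-central1-a"
  tags         = ["demo-nginx"] # matches target_tags on the firewall rule

  boot_disk {
    initialize_params { image = "debian-cloud/debian-12" }
  }

  network_interface {
    network = "default"
    access_config {} # empty block requests an ephemeral public IP
  }

  # Instance metadata expects "<login>:<public key line>"; gcp-key.pub is the file generated earlier.
  metadata = {
    ssh-keys = "${var.ssh_user}:${trimspace(file("./gcp-key.pub"))}"
  }

  connection {
    type        = "ssh"
    host        = self.network_interface[0].access_config[0].nat_ip
    user        = var.ssh_user
    private_key = file("./gcp-key") # private half of the generated key pair
  }

  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update -y",
      "sudo apt-get install -y nginx",
    ]
  }
}
```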

Provisioning Resources

You may need to create a values.tfvars file to use your own values for the variables specified in the variables.tf file, or you may change the default values in the latter file.

To show the plan for the resources to be launched, you may use the following command:

terraform plan -var-file=values.tfvars

Once you are done with the plan, you may now move forward with provisioning the resources with the following command:

terraform apply -var-file=values.tfvars -auto-approve

NOTE: If you didn’t create the values.tfvars file, you can leave out the -var-file=values.tfvars argument.

After the script runs successfully, you should see the Chrome browser pop up with the default nginx webserver page.

This article was a simple demonstration of remote script execution on Google Cloud VM Instances via Terraform.

Soon I’ll be publishing a detailed article on setting up K3S Cluster on VM Instances on Google Cloud Compute Engine via Terraform.

I hope you find this article useful. If you run into any difficulty at any point while following it, do drop me a query about it. I would be happy to help, and it may improve the documentation too.

Thank you very much for going through this article. Do give your feedback in the comments.
