appendix C Authenticating to GCP

The Google Cloud Platform (GCP) provider for Terraform provisions infrastructure onto Google Cloud Platform. This appendix walks through the steps necessary to set up a new GCP account, create a project, and configure access credentials using the CLI.

C.1 Creating a GCP account

If you’re creating a new GCP account, you will automatically receive a $300 credit to try out GCP services. To create a GCP account, do the following (see

  1. Open the Google Cloud Console in the browser:

  2. If you already have a Gmail account, sign in with that. Alternatively, you can register using a non-Google account.

  3. Accept the terms and conditions, and continue to the console.

C.2 Creating a new project

Everything in GCP is organized by project. You will need to create a project before you can deploy anything with Terraform. Projects can be programmatically created, but it’s easier to create them in the console. Here is how to create a new project:

  1. Click the Select a Project drop-down from the top of the page, and then select New Project.

  2. Enter a name for your project. Take note of the project ID, which may be different from the project name.

  3. Select a Google Cloud billing account to pay for your project. If you do not already have a billing account, you can create one on the Cloud Console billing page (

C.3 Installing the Google Cloud SDK

The Google Cloud SDK (gcloud) is a tool that allows programmatic access against GCP services. It is also the easiest way to obtain access credentials. To install gcloud for your operating system, refer to the Google Cloud SDK documentation:

C.4 Authenticating with the Google Cloud SDK

Once you have gcloud installed, the next step is authenticating to GCP. The recommended approach is to create a least-privileged service account, but for personal use, it is fine to sign in using the CLI. Use the following command to launch a web browser authorization workflow:

$ gcloud auth application-default login—project <your project id>
Quota project "<your project id>" was added to ADC which can be used by 
Google client libraries for billing and quota. Note that some services may 
still bill the project owning the resource.

Note Refer to the Google Terraform provider documentation for more information on how to authenticate to GCP:

C.5 Configuring the GCP provider in Terraform

Now that you’ve obtained temporary access credentials, you can use them to authenticate against GCP. Declare your provider block as shown here, inserting your project ID and desired deployment region:

provider "google" {
    project = "<your project id>"
    region  = "us-central1"

Note If you are using a service account with a credentials file, you will also need to set the credentials attribute to point to your account key file in JSON format (see

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.