Cloud Deployment with GCP and Terraform

Infrastructure as Code for scalable deployments

September 12, 2024

During my internship at Gorkhali Agents, I've gained hands-on experience with GCP and Terraform. Infrastructure as Code (IaC) has transformed how we deploy and manage cloud resources. Here's what I've learned about this powerful combination.

Why Terraform + GCP?

Reproducible Infrastructure

Terraform configurations ensure your infrastructure is consistent across development, staging, and production environments.

Version Control

Infrastructure changes are tracked in Git, providing audit trails and rollback capabilities.

Cost Management

Terraform helps optimize costs by managing resource lifecycles and preventing resource sprawl.

Basic Terraform Setup

Here's a typical Terraform configuration for a GCP project:

# main.tf
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 4.0"
    }
  }
}

provider "google" {
  project = var.project_id
  region  = var.region
}

resource "google_cloud_run_service" "app" {
  name     = "my-app"
  location = var.region

  template {
    spec {
      containers {
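        # ":latest" is a mutable tag; a fixed version tag or image digest
        # makes each deploy reproducible and reviewable.
        image = "gcr.io/${var.project_id}/my-app:latest"

        env {
          # connection_name has the form "project:region:instance"; it is not
          # a full database URL. google_sql_database_instance.main is defined
          # elsewhere in the configuration (not shown here).
          name  = "DATABASE_URL"
          value = google_sql_database_instance.main.connection_name
        }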
      }
    }
  }
}

Cloud Run Deployment

Cloud Run is perfect for containerized applications. Here's how I configure it:

resource "google_cloud_run_service" "api" {
  name     = "api-service"
  location = var.region

  template {
    metadata {
      annotations = {
        "autoscaling.knative.dev/maxScale" = "10"
        "run.googleapis.com/cpu-throttling" = "false"
      }
    }
    
    spec {
      container_concurrency = 80
      containers {
        image = var.image_url
        
        resources {
          limits = {
            cpu    = "1000m"
            memory = "512Mi"
          }
        }
        
        ports {
          container_port = 8080
        }
      }
    }
  }
  
  traffic {
    percent         = 100
    latest_revision = true
  }
}

IAM and Security

Proper IAM configuration is crucial for security:

# Service account for Cloud Run
resource "google_service_account" "cloud_run_sa" {
  account_id   = "cloud-run-service"
  display_name = "Cloud Run Service Account"
}

# Grant minimal required permissions
resource "google_project_iam_member" "cloud_run_sql" {
  project = var.project_id
  role    = "roles/cloudsql.client"
  member  = "serviceAccount:${google_service_account.cloud_run_sa.email}"
}

resource "google_project_iam_member" "cloud_run_storage" {
  project = var.project_id
  role    = "roles/storage.objectViewer"
  member  = "serviceAccount:${google_service_account.cloud_run_sa.email}"
}

Following the principle of least privilege gives the service only the access it needs, which limits what an attacker can reach if the service is compromised.
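
The service account above only takes effect once a Cloud Run service runs as it, and the storage grant above applies to every bucket in the project. The following is an added example, not the author's configuration, that attaches the account and narrows the grants; api_hardened, var.assets_bucket and var.caller_sa_email are assumed names.

```hcl
# Added example, not the author's configuration. Assumed names: api_hardened,
# var.assets_bucket, var.caller_sa_email.
variable "region" { type = string }
variable "image_url" { type = string }
variable "assets_bucket" { type = string }   # the single bucket the API reads
variable "caller_sa_email" { type = string } # identity allowed to call the API

resource "google_service_account" "cloud_run_sa" {
  account_id   = "cloud-run-service"
  display_name = "Cloud Run Service Account"
}

resource "google_cloud_run_service" "api_hardened" {
  name     = "api-service"
  location = var.region

  template {
    spec {
      # Run the revision as the dedicated account. If this is omitted, Cloud Run
      # falls back to the Compute Engine default service account.
      service_account_name = google_service_account.cloud_run_sa.email

      containers {
        image = var.image_url
      }
    }
  }

  traffic {
    percent         = 100
    latest_revision = true
  }
}

# Bucket-level grant: read access to one bucket instead of every bucket in the
# project (what a project-level roles/storage.objectViewer binding gives).
resource "google_storage_bucket_iam_member" "assets_read" {
  bucket = var.assets_bucket
  role   = "roles/storage.objectViewer"
  member = "serviceAccount:${google_service_account.cloud_run_sa.email}"
}

# Only the named caller may invoke the service; no allUsers binding.
resource "google_cloud_run_service_iam_member" "invoker" {
  location = google_cloud_run_service.api_hardened.location
  service  = google_cloud_run_service.api_hardened.name
  role     = "roles/run.invoker"
  member   = "serviceAccount:${var.caller_sa_email}"
}
```

Running terraform plan on this shows the service account on the revision template and the two resource-level bindings, which makes the effective access visible in review.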

Lessons Learned

  • Always use remote state storage (GCS bucket) for team collaboration
  • Implement proper state locking to prevent concurrent modifications
  • Use modules to organize and reuse Terraform configurations
  • Plan before apply - always review changes in staging first
  • Monitor costs regularly - cloud resources can add up quickly

This combination has made our deployment process more reliable and scalable. The learning curve is worth it for the long-term benefits of infrastructure as code.