[CloudStarter] Addition: Terraform with GCP

September 17, 2024

Why Google's GCP?

There's a great GitHub repository that shows us all the Always Free or Free for Limited-time options across 18 major cloud providers. In addition to Oracle Cloud, another big cloud provider offering an always free VM is Google Cloud. For the sake of learning, it makes sense to spin up a VM with Terraform there as well.

Google offers us 0.25 vCPU and 1 GB RAM - however, only in us-west1, us-central1, and us-east1, so expect heavy latencies if that's not your region! Another aspect I preferred with Oracle is that Google doesn't specifically advertise its Free Tier VM. You have to add a credit card to your account and configure the VM, and only if you choose the right settings and stay within the specified boundaries are you actually using the Free Tier. You do have 90 days of testing in which you can spend 300 USD of credit for free. However, Google assures that after the testing period, it will not charge your credit card if you haven't been "upgrading your account". You'll only lose your cloud resources, which is fine by me.

I recommend this YouTube video to make sure you create a VM that is actually free (E2-micro, Standard Persistent Disk, 1 GB network egress from North America to other regions except China and Australia/month). Don't be puzzled by the 5-6 USD that are your monthly estimated costs. They will only be charged if you use resources outside the Free Tier. I hope. Unfortunately, Google doesn't show you this transparently, unlike Oracle.

Basic setup - connect to GCP through API key

You need a Google account and need to go to the Google Cloud Console. There, you have to activate the Compute Engine API (follow the steps in the previous YouTube video). If you navigate to Compute Engine, you can create another instance. Don't forget to navigate to Security and the VM access and add a manually generated SSH key to it. We want to be able to SSH into our VM. GCP has one big advantage over OCI, which is that you can display the corresponding code: Google will automatically create the necessary details you have just selected in the UI for the command line (with gcloud), REST, or Terraform. This is perfect for us, since we only have to copy the Terraform code and put it into another main.tf! A big time saver!

Basic setup - Terraform

The Terraform main.tf file is now just a copy and paste from the Google Cloud Console:

# This code is compatible with Terraform 4.25.0 and versions that are backwards compatible to 4.25.0.
# For information about validating this Terraform code, see https://developer.hashicorp.com/terraform/tutorials/gcp-get-started/google-cloud-platform-build#format-and-validate-the-configuration

resource "google_compute_instance" "gcp-free" {
  boot_disk {
    auto_delete = true
    device_name = "gcp-free"

    initialize_params {
      image = "projects/debian-cloud/global/images/debian-12-bookworm-v20240910"
      size  = 10
      type  = "pd-standard"
    }

    mode = "READ_WRITE"
  }

  can_ip_forward      = false
  deletion_protection = false
  enable_display      = false

  labels = {
    goog-ec-src = "vm_add-tf"
  }

  machine_type = "e2-micro"
  name         = "gcp-free"

  network_interface {
    access_config {
      network_tier = "PREMIUM"
    }

    queue_count = 0
    stack_type  = "IPV4_ONLY"
    subnetwork  = "projects/long-classifier-******-r1/regions/us-central1/subnetworks/default"
  }

  scheduling {
    automatic_restart   = true
    on_host_maintenance = "MIGRATE"
    preemptible         = false
    provisioning_model  = "STANDARD"
  }

  service_account {
    email  = "********-compute@developer.gserviceaccount.com"
    scopes = ["https://www.googleapis.com/auth/devstorage.read_only", "https://www.googleapis.com/auth/logging.write", "https://www.googleapis.com/auth/monitoring.write", "https://www.googleapis.com/auth/service.management.readonly", "https://www.googleapis.com/auth/servicecontrol", "https://www.googleapis.com/auth/trace.append"]
  }

  shielded_instance_config {
    enable_integrity_monitoring = true
    enable_secure_boot          = false
    enable_vtpm                 = true
  }

  zone = "us-central1-f"

  metadata = {
    ssh-keys = "paul:ssh-rsa AAAAB3N*******"
  }
}

I also added a gcp_providers.tf:

terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "6.2.0"
    }
  }
}

provider "google" {
  project = "long-classifier-435414-r1"
  region  = "us-central1"
  zone    = "us-central1-f"
}

resource "google_compute_network" "vpc_network" {
  name = "terraform-network"
}

This easy setup really makes a difference in the time you need to spin it up!

Running Terraform

  1. Run terraform init to initialize the backend and specific provider plugins.
  2. Run terraform plan to see a list of all changes that are planned to be executed by Terraform. This step is optional but makes sense for visibility and checking reasons.
  3. Run terraform apply to set up your new Always Free VM 🎉.
  4. Run terraform destroy to delete all the settings you have created before.

Now, in my previous article about Oracle's OCI, I wrote, "This step might take up to a couple of minutes." Not anymore! Google spins up your VM in maybe 30 seconds, according to my experience. It's also much faster in destroying resources after you've given the command.

Comparison

So how do both cloud providers compare when it comes to their Always Free VMs now? Google is much easier for configuring access between Terraform and their Cloud Console and much faster in creating and removing the VM. However, I am more convinced by Oracle's way of compartmentalizing Free and Paid resources and giving the user clear information about when they might cross the border that makes a payment necessary. However, you still can't compare Google's GCP to Amazon's AWS. AWS deliberately tries to delude you about its costs and make it hard to gather information and easy to wake up with crazy charges on your credit card...

AWS meme