Steps to implement Hands-on Project - Mission 1
Creating the terraform-en-1 user using the IAM service
Access the AWS console (https://aws.amazon.com) and log in with your newly created account. In the search bar, type IAM. In the Services section, click on IAM.
Click on Users and then Add users, enter the name terraform-en-1 and click Next to create a programmatic type user.
After advancing, in Set permissions, click on the Attach existing policies directly button.
Type AmazonS3FullAccess in Search.
Select AmazonS3FullAccess
Click on Next
Review all the details
Click on Create user
Creating the Access Key for the terraform-en-1 user using the IAM service
Access the terraform-en-1 user
Click on the Security credentials tab
Click on Create access key
Select Command Line Interface (CLI) and check the box "I understand the above recommendation and want to proceed to create an access key."
Click on Next.
Click on Create access key
Click on Download .csv file
After the download finishes, click on Done.
Once the download is complete, rename the .csv file to key.csv
Steps in Google Cloud Platform (GCP)
Preparing the environment to run Terraform
Access the Google Cloud Console (console.cloud.google.com) and log in with your newly created account
Open the Cloud Shell
Download the mission1.zip file in the Google Cloud shell using the wget command
wget https://tcb-public-events.s3.amazonaws.com/icp/mission1.zip
Upload the key.csv file to the Cloud Shell using the browser
Verify if the mission1.zip and key.csv files are in the folder in the Cloud Shell using the command below
ls
Execute the file preparation commands:
unzip mission1.zip
mv key.csv mission1/en
cd mission1/en
chmod +x *.sh
Execute the commands below to prepare the AWS and GCP environment
mkdir -p ~/.aws/
touch ~/.aws/credentials_multiclouddeploy
./aws_set_credentials.sh key.csv
GOOGLE_CLOUD_PROJECT_ID=$(gcloud config get-value project)
gcloud config set project $GOOGLE_CLOUD_PROJECT_ID
Click on Authorize
Execute the command below to set the project in the Google Cloud Shell
./gcp_set_project.sh
Execute the commands to enable the Kubernetes, Container Registry, and Cloud SQL APIs
gcloud services enable containerregistry.googleapis.com
gcloud services enable container.googleapis.com
gcloud services enable sqladmin.googleapis.com
gcloud services enable cloudresourcemanager.googleapis.com
gcloud services enable serviceusage.googleapis.com
gcloud services enable compute.googleapis.com
gcloud services enable servicenetworking.googleapis.com --project=$GOOGLE_CLOUD_PROJECT_ID
Running Terraform to provision MultiCloud infrastructure in AWS and Google Cloud
Execute the following commands to provision infrastructure resources
cd ~/mission1/en/terraform/
terraform init
terraform plan
terraform apply
Attention: The provisioning process can take between 15 and 25 minutes to finish. Keep the Cloud Shell open during the process. If you are disconnected, click on Reconnect when the session expires (by default, the session expires after 5 minutes of inactivity).
Appendix I - Destroying the environment and starting over
In case you have encountered any problem/error and want to reset the environment to start over, follow the step-by-step instructions below to remove the entire MultiCloud environment.
[Google Cloud] Delete VPC Peering
[Google Cloud] Delete remaining resources w/ Terraform - Cloud Shell
cd ~/mission1/en/terraform/
terraform destroy
Clean the Cloud Shell in AWS and Google Cloud
AWS
cd ~
rm -rf mission*
Google Cloud
cd ~
rm -rf mission*
rm -rf .ssh
Security Tips
For production environments, it's recommended to use only the Private Network for database access.
Never provide public network access (0.0.0.0/0) to production databases.
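A pre-apply check for the two tips above, as an added example that is not part of the original page or of the mission1.zip project files. It inspects a Terraform plan in JSON form for Cloud SQL instances that enable a public IPv4 address or authorize a network covering every address. It assumes the plan declares the databases as google_sql_database_instance resources; the sample plan, resource names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of `terraform show -json tfplan` output;
# resource names and values are invented, not taken from mission1.zip.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "google_sql_database_instance.open_db",
     "type": "google_sql_database_instance",
     "change": {"actions": ["create"], "after": {"settings": [{"ip_configuration": [
         {"ipv4_enabled": True,
          "authorized_networks": [{"name": "all", "value": "0.0.0.0/0"}]}]}]}}},
    {"address": "google_sql_database_instance.private_db",
     "type": "google_sql_database_instance",
     "change": {"actions": ["create"], "after": {"settings": [{"ip_configuration": [
         {"ipv4_enabled": False, "authorized_networks": [],
          "private_network": "projects/example/global/networks/vpc"}]}]}}},
    {"address": "google_sql_database_instance.old_db",
     "type": "google_sql_database_instance",
     "change": {"actions": ["delete"], "after": None}},
]}


def is_open_network(cidr):
    """True when the CIDR covers every address (prefix length 0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # not a parseable CIDR, so not an open range


def audit_plan(plan):
    """Return (address, finding) pairs for Cloud SQL instances in a parsed plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after")
        if rc.get("type") != "google_sql_database_instance" or not after:
            continue  # other resource types, or an instance being destroyed
        for settings in after.get("settings") or []:
            for ipc in settings.get("ip_configuration") or []:
                if ipc.get("ipv4_enabled"):
                    findings.append((rc["address"], "public IPv4 enabled"))
                for net in ipc.get("authorized_networks") or []:
                    if is_open_network(net.get("value") or ""):
                        findings.append((rc["address"], "open to " + net["value"]))
    return findings


if __name__ == "__main__":
    for address, finding in audit_plan(SAMPLE_PLAN):
        print(address, "->", finding)
```

To check a real plan, save it with `terraform plan -out=tfplan`, export it with `terraform show -json tfplan`, and pass the parsed JSON to audit_plan before running terraform apply.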
By reaching this point, you have completed the implementation of the first part of the Hands-on Project and have implemented resources in a MultiCloud (AWS and Google Cloud) environment using Terraform!
Congratulations!