Page Comparison

...

• Prerequisites to run Terraform from GCP cloud shell

• Prerequisites to run Terraform form Local Machine

• Automated resource creation using Terraform from GCP

• Automated resource creation using Terraform from Local Machine

• Encryption Key (CMK) support in GCP Terraform

Prerequisites to run Terraform from GCP cloud shell

Anchor
preqcloudshell preqcloudshell

• You need a valid Google Cloud Platform account. This account will be used to authenticate Terraform to interact with GCP resources.

• The following permissions are required:

  • Editor Role

  • Secret Manager Admin

  • Storage Object Admin

  • storage.buckets.get

  • storage.buckets.update

  • storage.objects.update

• Google Console users must have the privilege to launch Google resources like Instances, Dataproc cluster, Google Storage, and Disks in the project.

• Logged-in users must have the privilege to launch Gcloud in GCP. 

• To use an existing service account for deployments, it must possess specific permissions as outlined in add the cloudfunctions.admin role. Additionally, for specific permissions, see the Prerequisites for deploying Kyvos in a GCP environment section.

• To use an existing VPC for deployments, it must possess specific permissions as outlined in the Prerequisites for deploying Kyvos in a GCP environment section.

• To use an existing bucket for deployments, it must possess specific permissions as outlined in the Prerequisites for deploying Kyvos in a GCP environment section.

...

1. Open a terminal or command prompt on your local machine.

2. Navigate to your Terraform configuration directory (where your .tf files are located).

3. Create a directory named terraform and add subdirectories and files according to the following specifications:

   Image RemovedImage Added

4. Access the kyvosparams.tfvars file located in the conf directory, and configure the parameters as needed for your deployment

5. Cd inside the bin folder, execute the ./deploy.sh command. This command will initialize Terraform, generate a plan, and apply the configuration as specified in the kyvosparams.tfvars file.

6. Review the output to ensure Terraform will create, modify, or delete the resources as expected.

   • If you need to interrupt the script while it's running, press Ctrl+Z.

   • If you need to make modifications to the kyvosparams.tfvars file, do so accordingly.

7. Upon successful execution of this command, Terraform will display the outputs as specified in the configuration.

8. To destroy your entire deployment, simply execute the ./deploy.sh destroy command.

Encryption Key (CMK) support in GCP Terraform

Anchor
cmk cmk

• To run deployment with encryption, set the value of enableEncryption parameter to true.

• To run deployment with encryption with new cmk:
  To use an existing service account for deployments, the following permissions are needed:

  • roles/cloudkms.cryptoKeyEncrypter

  • roles/cloudkms.cryptoKeyDecrypter

  • roles/cloudkms.cryptoKeyEncrypterDecrypter

• To use the BYOK (Bring Your Own Key) feature: The service agent must be present in the project where the user is going to deploy for Google Cloud Storage and Secret Manager. For more details, refer to Google documentation.

• To use an existing key, specify cmkKeyRingName and cmkKeyName in the parameter.

• To use an existing service account for deployments, the following permissions are needed:

  • roles/cloudkms.cryptoKeyEncrypter

  • roles/cloudkms.cryptoKeyDecrypter

  • Roles/cloudkms.cryptoKeyEncrypterDecrypter