Terraform GCP
# Google provider. Project, region and zone are taken from variables so the
# configuration can be re-pointed without editing any resource.
provider "google" {
  project = var.project_name
  region  = var.region
  zone    = var.region_zone

  # Service-account key read from the working directory. Keep that file out
  # of version control; supplying the credential through the environment
  # (GOOGLE_APPLICATION_CREDENTIALS / application default credentials) avoids
  # keeping the key next to the configuration at all.
  credentials = file("service-account.json") # the file that holds your credentials
}
# Random suffix appended to the instance name so re-creations do not collide
# with a name that is still being deleted.
resource "random_id" "instance_id" {
  byte_length = 4 # 4 bytes -> 8 hex characters in .hex
}
# The single nginx web server that the HTTP load balancer fronts.
resource "google_compute_instance" "cluster1" {
  machine_type = "f1-micro"
  # random suffix keeps the name unique across re-creations
  name         = "armor-gce-${random_id.instance_id.hex}"

  boot_disk {
    initialize_params {
      # NOTE(review): the debian-9 image family is end-of-life; pick a
      # supported Debian family when this is next touched.
      image = "debian-cloud/debian-9"
    }
  }

  network_interface {
    network = "default"
    # An empty access_config gives the VM an ephemeral public IP. It is what
    # lets the startup script reach apt, but it also makes nginx reachable
    # directly — around the load balancer and the Cloud Armor policy on the
    # backend service — unless the firewall limits sources to the
    # load-balancer ranges.
    access_config {
    }
  }

  # No service_account block, so the VM presumably runs as the project's
  # default compute service account with its default scopes — more than a
  # static nginx host needs; confirm and attach a least-privilege account.
  # nginx is installed at first boot; the check below that hits "/" fails
  # until this script has finished.
  metadata_startup_script = "sudo apt-get update; sudo apt-get install -yq nginx; sudo service nginx restart"
}
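# Ingress rule for the web server. The original set no source_ranges, which
# the provider treats as 0.0.0.0/0: since the VM carries a public IP, that
# exposed nginx directly and let clients bypass the Cloud Armor policy that
# only the backend service enforces.
resource "google_compute_firewall" "cluster1" {
  name    = "armor-firewall"
  network = "default"

  # Admit only Google's HTTP(S) load-balancer proxies and health checkers;
  # end users reach the site through the forwarding rule instead.
  # NOTE(review): if the target pool is ever put behind a network load
  # balancer, its legacy health-check ranges (209.85.152.0/22,
  # 209.85.204.0/22) would have to be added here — confirm against the
  # current GCP documentation.
  source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]

  # No target_tags, so the rule applies to every instance in the "default"
  # network, not just cluster1; tag the instance and set target_tags to
  # narrow it.
  allow {
    protocol = "tcp"
    # Only nginx on 80 is configured. The original also listed "43" (the
    # WHOIS port), almost certainly a typo for 443; add 443 only together
    # with a TLS listener and an HTTPS proxy.
    ports    = ["80"]
  }
}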
# Unmanaged instance group wrapping the single VM. The backend service needs
# a group rather than a bare instance, and resolves its port_name "http"
# through the named_port declared here.
resource "google_compute_instance_group" "webservers" {
  name        = "instance-group-all"
  description = "An instance group for the single GCE instance"

  named_port {
    name = "http"
    port = "80"
  }

  instances = [
    google_compute_instance.cluster1.self_link,
  ]
}
# Target pool containing the VM. Within this file nothing points a forwarding
# rule at it — traffic enters through google_compute_global_forwarding_rule
# "default" and the HTTP proxy — so the pool is presently unused.
resource "google_compute_target_pool" "example" {
  name = "armor-pool"

  health_checks = [
    google_compute_http_health_check.health.name,
  ]

  instances = [
    google_compute_instance.cluster1.self_link,
  ]
}
# Legacy HTTP health check shared by the backend service and the target pool.
resource "google_compute_http_health_check" "health" {
  name = "armor-healthcheck"

  # Probes GET "/" every second and give up after one second — aggressive for
  # an f1-micro; presumably the instance is reported unhealthy until the
  # startup script has installed nginx.
  request_path       = "/"
  timeout_sec        = 1
  check_interval_sec = 1
}
# Backend service the URL map routes to. The Cloud Armor policy is enforced
# here and nowhere else, which is why direct access to the VM has to be
# blocked at the firewall.
resource "google_compute_backend_service" "website" {
  name        = "armor-backend"
  description = "Our company website"

  protocol    = "HTTP" # plain HTTP between the proxy and nginx
  port_name   = "http" # resolved via named_port on the instance group
  timeout_sec = 10
  enable_cdn  = false

  security_policy = google_compute_security_policy.security-policy-1.self_link
  health_checks   = [google_compute_http_health_check.health.self_link]

  backend {
    group = google_compute_instance_group.webservers.self_link
  }
}
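# Cloud Armor policy: deny everything by default, then allow the configured
# source ranges.
resource "google_compute_security_policy" "security-policy-1" {
  name        = "armor-security-policy"
  description = "example security policy"

  # Lowest possible priority (2147483647) is the catch-all; every other rule
  # is evaluated before it. Priorities are integers, so they are written as
  # numbers rather than quoted strings.
  rule {
    action   = "deny(403)"
    priority = 2147483647
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
    description = "Default rule, higher priority overrides it"
  }

  # Allow-list rule. The ranges come from var.ip_white_list, so the
  # description must not hardcode a value: the original said
  # "192.0.2.0/24" regardless of what the variable actually held.
  # NOTE(review): a single SRC_IPS_V1 rule accepts only a limited number of
  # ranges — check the provider docs before the list grows.
  rule {
    action   = "allow"
    priority = 1000
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = var.ip_white_list
      }
    }
    description = "allow traffic from the ranges in var.ip_white_list"
  }
}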
# Public entry point: a global external address listening on plain HTTP port
# 80 and handing requests to the HTTP proxy. No HTTPS listener exists in this
# file, so everything between the client and the load balancer is cleartext.
resource "google_compute_global_forwarding_rule" "default" {
  name       = "armor-rule"
  target     = google_compute_target_http_proxy.default.self_link
  port_range = "80"
}
# HTTP proxy that applies the URL map to requests arriving on the forwarding
# rule.
resource "google_compute_target_http_proxy" "default" {
  name    = "armor-proxy"
  url_map = google_compute_url_map.default.self_link
}
# URL map: every host and path ends up at the single backend service.
resource "google_compute_url_map" "default" {
  name            = "armor-url-map"
  default_service = google_compute_backend_service.website.self_link

  # Requests for "mysite.com" go to the "allpaths" matcher; any other Host
  # header falls through to default_service above, which is the same backend.
  host_rule {
    path_matcher = "allpaths"
    hosts        = ["mysite.com"]
  }

  path_matcher {
    name            = "allpaths"
    default_service = google_compute_backend_service.website.self_link

    path_rule {
      service = google_compute_backend_service.website.self_link
      paths   = ["/*"]
    }
  }
}
# The load balancer's public address — the only address clients should use;
# the VM's own ephemeral IP is not exported.
output "ip" {
  value = google_compute_global_forwarding_rule.default.ip_address
}
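# Region for regional resources; the explicit type rejects non-string input
# at plan time instead of at apply time.
variable "region" {
  type    = string
  default = "us-west1"
}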
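# Zone the instance is created in; must lie inside var.region.
variable "region_zone" {
  type    = string
  default = "us-west1-a"
}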
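# Google Cloud project ID the provider operates in. The default is a demo
# project and should be overridden for any real deployment.
variable "project_name" {
  type        = string
  default     = "terraform-demo-cfp"
  description = "The ID of the Google Cloud project"
}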
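# Source CIDR ranges admitted by the Cloud Armor allow rule. The type
# constraint makes a stray scalar or non-string element fail validation
# before it reaches the security policy; 192.0.2.0/24 is documentation
# space, so the default admits nobody in practice.
variable "ip_white_list" {
  type        = list(string)
  description = "A list of ip addresses that can be white listed through security policies"
  default     = ["192.0.2.0/24"]
}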