main.tf
:
# Google provider. Every resource in this file lands in this one project;
# PROJECT_ID is a placeholder to substitute before `terraform init`.
# No region/zone is set here, so each resource names its own location.
provider "google" {
  project = "PROJECT_ID"
}
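# VM 1: SSH access is governed by OS Login (IAM roles, auditable, no SSH
# keys stored in instance/project metadata). It is reached only with
# `gcloud compute ssh --tunnel-through-iap`, which is all the firewall
# rule in this file permits.
resource "google_compute_instance" "test-ce" {
  name         = "test-ce"
  machine_type = "e2-micro"
  zone         = "europe-central2-a"

  boot_disk {
    initialize_params {
      image = "debian-12"
    }
  }

  network_interface {
    subnetwork = google_compute_subnetwork.test-ce.self_link
    # Ephemeral external IP. It is not required for IAP-tunnelled SSH
    # (the only ingress rule in this file admits the IAP range), so it
    # only widens exposure; keep it solely if the VM must reach the
    # internet directly, otherwise drop this block and use Cloud NAT.
    access_config {
    }
  }

  # Shielded VM: UEFI Secure Boot, vTPM and boot-integrity monitoring.
  # The public debian-12 image and e2 machine types support all three.
  shielded_instance_config {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }

  metadata = {
    # Instance-level value; overrides any project-level enable-oslogin.
    # Terraform serialises the bool as the string "true".
    enable-oslogin = true
  }
  # NOTE(review): no service_account block, so the VM runs as the Compute
  # Engine default service account with its default scopes. Fine for a
  # throwaway test; anything longer-lived should get a dedicated,
  # minimally-privileged SA.
}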
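# VM 2: the metadata-SSH-key variant, for comparison with test-ce.
# `block-project-ssh-keys` stops project-wide `ssh-keys` metadata from being
# honoured; instance-level `ssh-keys` still work, and that is where
# `gcloud compute ssh me@test-ce2` writes the caller's public key. Such keys
# are not tied to an IAM identity and are not revoked when access is.
resource "google_compute_instance" "test-ce2" {
  name         = "test-ce2"
  machine_type = "e2-micro"
  zone         = "europe-central2-a"

  boot_disk {
    initialize_params {
      image = "debian-12"
    }
  }

  network_interface {
    subnetwork = google_compute_subnetwork.test-ce.self_link
    # Ephemeral external IP; not needed for IAP-tunnelled SSH (the only
    # ingress rule in this file admits the IAP range). Drop it and use
    # Cloud NAT unless the VM really needs direct internet egress.
    access_config {
    }
  }

  # Shielded VM: UEFI Secure Boot, vTPM and boot-integrity monitoring.
  # The public debian-12 image and e2 machine types support all three.
  shielded_instance_config {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }

  metadata = {
    # Terraform serialises the bool as the string "true".
    block-project-ssh-keys = true
    # NOTE(review): enable-oslogin is deliberately absent here, so the VM
    # inherits whatever the project-level metadata says — confirm the
    # project does not set enable-oslogin=TRUE, or the metadata-key path
    # exercised by the gcloud command below will not apply.
  }
  # NOTE(review): no service_account block, so the VM runs as the Compute
  # Engine default service account with its default scopes.
}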
# Custom-mode VPC: no automatic per-region subnets, so the only subnet is
# the one declared below and the only ingress allowed is whatever the
# firewall rules in this file open.
resource "google_compute_network" "test-ce" {
  name                    = "test-ce"
  auto_create_subnetworks = false
}
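# Single regional subnet for both test VMs. The region has to contain the
# instances' zone (europe-central2-a).
resource "google_compute_subnetwork" "test-ce" {
  name          = "test-ce"
  ip_cidr_range = "10.0.0.0/20"
  region        = "europe-central2"
  network       = google_compute_network.test-ce.self_link

  # Let VMs reach Google APIs (OS Login, logging, package mirrors on
  # Google-hosted endpoints) from their internal address, so the instances'
  # external IPs can be removed without breaking those calls. Internet
  # egress would still need Cloud NAT.
  private_ip_google_access = true
  # A log_config {} block here would enable VPC flow logs for traffic
  # auditing; it has a cost, so it is left off for a test network.
}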
# Ingress rule admitting TCP/22 only from 35.235.240.0/20, Google's
# IAP TCP-forwarding source range: SSH is reachable solely through an IAP
# tunnel, never directly from the internet. `direction` defaults to INGRESS.
# No target_tags / target_service_accounts are set, so the rule applies to
# every instance in the network; add target_tags to narrow it once the VMs
# carry tags.
resource "google_compute_firewall" "test-ce-ssh" {
  name    = "test-ce-ssh"
  network = google_compute_network.test-ce.self_link

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  source_ranges = ["35.235.240.0/20"]
}
// replace PROJECT_ID (in the provider block and in the gcloud commands below). There is no SOURCE_IP to replace: the firewall's source range 35.235.240.0/20 is Google's IAP TCP-forwarding range and must stay as is.
# NOTE(review): this `cp` has no destination and nothing in main.tf reads
# the key file; presumably it was meant to copy the public key into $PWD so
# it is visible under /app inside the container — confirm the intent.
$ cp ~/.ssh/id_rsa.pub
# Pinned gcloud image; $PWD (main.tf, and after `apply` the terraform.tfstate
# file, which is sensitive) is mounted at /app. The container is discarded
# on exit (--rm), so gcloud credentials and the SSH key gcloud generates in
# the container's ~/.ssh do not persist.
$ docker run --rm -itv "$PWD:/app" -w /app google/cloud-sdk:457.0.0-alpine
# Interactive login; --update-adc also writes Application Default
# Credentials, which is what the Terraform google provider uses.
/app # gcloud auth login --update-adc
# NOTE(review): installs whatever terraform version the Alpine repo ships,
# unpinned; for reproducible, supply-chain-checked runs pin the version
# (terraform `required_version` or a checksum-verified HashiCorp download).
/app # apk add terraform
/app # terraform init
/app # terraform apply
# SSH through an IAP tunnel (the only path the firewall allows). The caller
# needs roles/iap.tunnelResourceAccessor on the project plus, for the
# OS-Login VM, roles/compute.osLogin (or osAdminLogin). Because the
# container's ~/.ssh is fresh each run, gcloud generates and registers a new
# key every time — stale keys accumulate in the OS Login profile.
/app # gcloud compute ssh test-ce --project PROJECT_ID --zone europe-central2-a --tunnel-through-iap
# Metadata-key VM: gcloud pushes the generated public key into the
# instance's `ssh-keys` metadata for user "me" (project keys are blocked),
# which requires compute.instances.setMetadata on the instance. Each run
# with a fresh container adds another key to the instance metadata.
/app # gcloud compute ssh me@test-ce2 --project PROJECT_ID --zone europe-central2-a --tunnel-through-iap