diff --git a/.gitignore b/.gitignore
index d84e95c..781794d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@
 crash.log
 override.tf
 override.tf.json
+plan
diff --git a/.terraform-version b/.terraform-version
index a803cc2..1282fff 100644
--- a/.terraform-version
+++ b/.terraform-version
@@ -1 +1 @@
-0.14.0
+0.15.5
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
old mode 100755
new mode 100644
index 530f2ef..27da741
--- a/.terraform.lock.hcl
+++ b/.terraform.lock.hcl
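Review bot: The new `plan` entry only ignores a file literally named `plan`; this root module takes `db_password` as a `sensitive` variable, and a saved Terraform plan file embeds variable values in plaintext, so a plan written as `tfplan` or `out.tfplan` would still be committable. Consider widening the pattern, e.g. adding `*.tfplan` next to `plan`, or stating in the README which plan filename the workflow expects so the ignore rule actually matches it.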
@@ -2,37 +2,39 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/google" { - version = "3.49.0" - constraints = ">= 3.49.0" + version = "3.70.0" + constraints = ">= 3.70.0" hashes = [ - "h1:r9DGN02xsR8k9hFqt37Yt7GjwVx34SJXqanR2igjm9Y=", - "zh:00ea68b3a3b6e11ea469f47ee949c7f8f5751f935a3366152f9d3c6660c27e9b", - "zh:1ef3efc2e81fa31ceb04e39ae25acd0f061629f104827e127bdb4345e95f37d0", - "zh:6bf00943baa776adef0bbc914886359cf95c505b0494f3936cedac5cd1e01a00", - "zh:7d2cce5a9be476d8eee67435d854d094f82b5814a0e34964d10f28c1e88a2c8f", - "zh:841d074e3fb06f0df7c930bc0c4a9733ce0c5f1a19d6af98632a7931d2ca6a59", - "zh:8920ccd27c8904fcf5d701d71baee4f64d9d6f1383e66c4673909d9c53895057", - "zh:91d4479d2d461ad582d127d47aa7094bd74a1278cc8d78ad36a1c4f31301f4f0", - "zh:a97c19cdb42b5f7e4e297183d60eaa45843ee7b0adde1120e47026c4cae456c1", - "zh:cbd862cc4d21866bb832e3e7fe4e6ed959f5e5363bcf3d74e476b42fec716efe", - "zh:ec3c63ba6db74b353fafff6aedbb30e3eb1a4e5c856b4920c7ffa10d7081cbbd", + "h1:BDbh9qJsoTo3MZz6Bff4ZUI/bK2Ss4IWeSkVFlB1WAM=", + "zh:26f37fc308ddb20baf20efd93726b2ff7894310c4980c07f3e0ae467ff3cad82", + "zh:40cd363b7a325833685940b5fd6d6ba5a54d1a637dba06ae05114facdf7f49a9", + "zh:42ee807cba7f0e1c06b52b3a70ee5da707a38d7a73a459e99cadd733a38f53a5", + "zh:57d6fd677c699be7ae97cfcd831283e2d04b1e168c9906ab49a499663ba0c801", + "zh:7238128698516b9a6f7d49b1f772aeee0234e162997ca5fd16315c6a57c8fead", + "zh:77d923faac5dd9744a4e0ba4d47a8b2de19358fff9b2060b82b127694a48c9d2", + "zh:7fdfb1b0bce09bbae8ab4d6c44d72ddbaddddf14c6aca3d952f71e03a57d9d0d", + "zh:a14af8edad375b15502cb33c2ac9a401b14c891832b4257056d86a4f65a453f7", + "zh:c8a7b2202db3ffaad11011911181a382f3b55a0804d3c0a1177e6431a391e426", + "zh:cd0818982ee24c8bd1caed93816b6f15fa1cef07de39d1edf5110fd17e892430", + "zh:d2abded6c1088a85d7487369998c71652a338b46b1646e67676a717ff1f394f8", ] } provider "registry.terraform.io/hashicorp/tfe" { - version = "0.23.0" - constraints = ">= 0.23.0" + version = "0.25.3" + 
constraints = ">= 0.25.0" hashes = [ - "h1:uL/ncubyON0u4VZTRwIBdT+lzsOEloDraZUwVhh5M3g=", - "zh:229d02658c011c184c63eecbdb0af5e1366d14dfab78862345b6d907c2e253e5", - "zh:4aac896b2570ad6fd96a7a297c3e67cf60cea7b4ef3c845d0fe432c739c665fa", - "zh:58638104a55cd0ad413d81a4b022d155658e70ea2f07d4b70298e7238a016f20", - "zh:63f36714ec2cc23d74f8b90eb4e71168071ac84036fbd21612fa92dc2349c911", - "zh:6db95efac6cd067892753edfc18bfa24a8ac46088c751ae86efd78e54f4d3938", - "zh:7750f7f552e30c3b930375f3aeb202ad527723344df7a80a6e20eb37f7918d68", - "zh:a5052ec512d77b079b8e734528f1859a113254fdb7d48646e9f69dfba670e09b", - "zh:a64f492553ba2c9176f620f419464c1409fe5a277b75e268cc5418df74c25d4e", - "zh:c29b855c789edbc6d7f4601e6ff0462476c8a554937c57ff49fb9fbeaa41328a", - "zh:e17469b18f6e2156d5d941a46d402423bc88b3ed7e097022fd906c09ee66d033", + "h1:lAHc3GGPq6MXy0F/RV9lLubshDz8fEPpqlE+Eqk0RC0=", + "zh:0979c23a42fb096ead4899ecd8117ef31dffaff68868eb59a4c00ff7aaa7ca52", + "zh:43b8f61b152cfa4e7568cff49c2252a4d67d35a8b3e3ce42fc87b0a2f86e80f1", + "zh:5326953390b5fa681a3f1989165f74782a06df2c27b2f833a592300ca5f7c84c", + "zh:79757c9ebbecba1ad6c76b49e382a36dcc56b94de04e6579b698bd574d5d42be", + "zh:92a91c40df51110a08597994c4af9c27d04ea86d36495056237c346324e1b993", + "zh:92def252c4e17c700d472b3bbbcf2396a92aa256d52382fddf24c5d9bbd56eea", + "zh:9f99e2f739439d395fc1a466448f799318cb7444268071cc57f43dbf0284d321", + "zh:a4421f846b0ffad38dbbc526be8f2bdb4ef67cbd1e4006f18232576865bb4510", + "zh:adefbca4d3041aa0d40aa347d6b6ebaa608ed797e132869cb2c0e43f83082e1f", + "zh:eb07847e98ee6fd7ad116a6c8f5563267393fd96b1e1e3d71c0f658114d1f2c7", + "zh:fe03bd4d2d34cd6d4a98d18910f95adb29e8e8ca844cab5614ba392a24f2ff6f", ] } diff --git a/README.md b/README.md index 546fbf2..87e0a4d 100644 --- a/README.md +++ b/README.md 
@@ -3,35 +3,42 @@ This repo demonstrates how to create a Cloud SQL DB with a private IP address only, and connect to it with [Cloud SQL Proxy](https://cloud.google.com/sql/docs/postgres/sql-proxy). The full explanation of how this works can be found in [this blog post](https://medium.com/@ryanboehning/how-to-deploy-a-cloud-sql-db-with-a-private-ip-only-using-terraform-e184b08eca64). -Terraform v0.14.0 or higher is required. +Terraform v0.15.0 or higher is required. -## Deploy the db and Cloud SQL Proxy +## How To Use -```bash -gcloud services enable \ - cloudresourcemanager.googleapis.com \ - compute.googleapis.com \ - iam.googleapis.com \ - oslogin.googleapis.com \ - servicenetworking.googleapis.com \ - sqladmin.googleapis.com +1. Set the name of your Terraform Cloud organization in `backend.tf`. -terraform init -terraform apply -``` +2. Deploy the db and Cloud SQL Proxy -## Upload your public SSH key to Google's OS Login service + ```bash + gcloud services enable \ + cloudresourcemanager.googleapis.com \ + compute.googleapis.com \ + iam.googleapis.com \ + oslogin.googleapis.com \ + servicenetworking.googleapis.com \ + sqladmin.googleapis.com -```bash -gcloud compute os-login ssh-keys add --key-file=~/.ssh/id_rsa.pub --ttl=365d -``` + terraform init + terraform apply + ``` -## Connect to the private db through Cloud SQL Proxy +3. Upload your public SSH key to Google's OS Login service -```bash -# get your SSH username -gcloud compute os-login describe-profile | grep username + ```bash + gcloud compute os-login ssh-keys add --key-file=~/.ssh/id_rsa.pub --ttl=365d + ``` -# psql into your private db -ssh -t @ docker run --rm --network=host -it postgres:13-alpine psql -U postgres -h localhost -``` +4. 
Connect to the private db through Cloud SQL Proxy + + ```bash + # get your SSH username + gcloud compute os-login describe-profile | grep username + + # get the public IP of the instance running Cloud SQL Proxy + CLOUD_SQL_PROXY_IP=$(terraform output proxy_ip) + + # psql into your private db + ssh -t @$CLOUD_SQL_PROXY_IP docker run --rm --network=host -it postgres:13-alpine psql -U postgres -h localhost + ``` diff --git a/backend.tf b/backend.tf new file mode 100644 index 0000000..d32e086 --- /dev/null +++ b/backend.tf @@ -0,0 +1,8 @@ +terraform { + backend "remote" { + organization = "studybeast-org" + workspaces { + name = "private-ip-cloud-sql-db" + } + } +} diff --git a/main.tf b/main.tf index ac983b3..dbb47e0 100644 --- a/main.tf +++ b/main.tf @@ -1,38 +1,3 @@ -// root module - -terraform { - required_version = ">= 0.14.0" - required_providers { - tfe = { - source = "hashicorp/tfe" - version = ">= 0.23.0" - } - google = { - source = "hashicorp/google" - version = ">= 3.49.0" - } - } - backend "remote" { - organization = "my-terraform-cloud-org" - workspaces { - name = "private-ip-cloud-sql-db" - } - } -} - -locals { - db_username = "my_user" # Postgres username - gcp_project_name = "my-gcp-project-274601" - gcp_region = "us-central1" - gcp_zone = "us-central1-b" -} - -provider "google" { - project = local.gcp_project_name - region = local.gcp_region - zone = local.gcp_zone -} - module "vpc" { source = "./modules/vpc" @@ -45,7 +10,7 @@ module "db" { disk_size = 10 instance_type = "db-f1-micro" password = var.db_password # This is a variable because it's a secret. It's stored here: https://app.terraform.io/app//workspaces//variables - user = local.db_username + user = var.db_username vpc_name = module.vpc.name vpc_link = module.vpc.link 
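Review bot: backend.tf commits a concrete organization, `organization = "studybeast-org"`, while README step 1 tells every user to edit that same line; this makes backend.tf a guaranteed local modification on every clone and ties the demo to the author's Terraform Cloud org. Since a `backend` block cannot reference variables, consider leaving `organization` unset and documenting a partial configuration, e.g. `terraform init -backend-config="organization=<your-org>"`, or restoring the previous placeholder value instead of a real org name.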
@@ -64,10 +29,10 @@ module "dbproxy" { machine_type = "f1-micro" db_instance_name = module.db.connection_name # e.g. my-project:us-central1:my-db - region = local.gcp_region - zone = local.gcp_zone + region = var.gcp_region + zone = var.gcp_zone - # By passing the VPC name ("main-vpc") as the output of the VPC module - # (module.vpc.name), we ensure the VPC will be created before the proxy. + # By passing the VPC name as the output of the VPC module we ensure the VPC + # will be created before the proxy. vpc_name = module.vpc.name } diff --git a/modules/dbproxy/outputs.tf b/modules/dbproxy/outputs.tf new file mode 100644 index 0000000..86cfbd5 --- /dev/null +++ b/modules/dbproxy/outputs.tf @@ -0,0 +1,4 @@ +output "public_ip" { + description = "The public IP of the bastion instance running Cloud SQL Proxy" + value = google_compute_instance.db_proxy.network_interface.0.access_config.0.nat_ip +} diff --git a/outputs.tf b/outputs.tf new file mode 100644 index 0000000..3c51705 --- /dev/null +++ b/outputs.tf @@ -0,0 +1,7 @@ +output "proxy_ip" { + description = <<-EOT + The public IP of the instance running Cloud SQL Proxy. psql into this + instance to connect to your private db. + EOT + value = module.dbproxy.public_ip +} diff --git a/providers.tf b/providers.tf new file mode 100644 index 0000000..68d940f --- /dev/null +++ b/providers.tf @@ -0,0 +1,5 @@ +provider "google" { + project = var.gcp_project_name + region = var.gcp_region + zone = var.gcp_zone +} diff --git a/variables.tf b/variables.tf index 4f9d47d..dde7a99 100644 --- a/variables.tf +++ b/variables.tf 
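Review bot: The new output in modules/dbproxy/outputs.tf uses the legacy dotted index form `network_interface.0.access_config.0.nat_ip`; with the minimum Terraform raised to 0.15 in this same commit, the documented form is `value = google_compute_instance.db_proxy.network_interface[0].access_config[0].nat_ip`. Behavior is the same, but the bracket form is what the 0.12 upgrade tooling produced and what the provider reference shows, so it is the one readers will expect.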
@@ -1,7 +1,25 @@
-// root module
-
 variable "db_password" {
 description = "The Postgres password"
 type = string
 sensitive = true
 }
+
+variable "db_username" {
+ description = "The Postgres username"
+ type = string
+}
+
+variable "gcp_project_name" {
+ description = "The name of the GCP project where the db and Cloud SQL Proxy will be created"
+ type = string
+}
+
+variable "gcp_region" {
+ description = "The GCP region where the db and Cloud SQL Proxy will be created"
+ type = string
+}
+
+variable "gcp_zone" {
+ description = "The GCP availability zone where the db and Cloud SQL Proxy will be created"
+ type = string
+}
diff --git a/versions.tf b/versions.tf
index 5e4ce43..75726b0 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,3 +1,14 @@
 terraform {
- required_version = ">= 0.14"
+ required_version = ">= 0.15"
+
+ required_providers {
+ tfe = {
+ source = "hashicorp/tfe"
+ version = ">= 0.25.0"
+ }
+ google = {
+ source = "hashicorp/google"
+ version = ">= 3.70.0"
+ }
+ }
 }
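Review bot: `gcp_project_name` feeds the google provider's `project` argument (providers.tf in this commit), which takes the project ID rather than the display name; the local it replaces held `my-gcp-project-274601`, an ID, but the new description `The name of the GCP project …` invites users to paste the display name and hit a not-found or permission error. Suggest `description = "The ID of the GCP project (not its display name) where the db and Cloud SQL Proxy will be created"`. In the same hunk, `gcp_zone` is described as an "availability zone", which is AWS wording; GCP documentation simply calls it a zone.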
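Review bot: The new `required_providers` constraints `version = ">= 0.25.0"` and `version = ">= 3.70.0"` in versions.tf are open-ended, so a `terraform init -upgrade` will accept any future major release of either provider, breaking changes included; only the lock file currently holds them at 0.25.3 and 3.70.0. A pessimistic constraint such as `version = "~> 0.25"` and `version = "~> 3.70"` keeps upgrades within the tested major line while still allowing minor and patch updates, which is the usual recommendation for a root module.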