Google Cloud Build + Terraform

What is CloudBuild and how is it giving me better security and build times with Terraform?

Read Time3 Minutes, 58 Seconds

As you may know from reading my previous blog posts that I’ve been learning Terraform and what I can do with it, and recently I’ve been trying to find a better way to deploy Terraform rather than doing it locally, I then found Google Cloud Build.

What Cloud Build allows me to do is create my Terraform builds straight from my GitHub, if you want to read about how it actually works you can go here.

Also, just a side note, I only just started learning CloudBuild this week, so I’m no expert.

So how does CloudBuild launch my Terraform builds?

The way CloudBuild works is it allows you to build your code via a config file or a Docker image, I went with creating it via a config file as it allowed me to define how I wanted my Terraform to build. I guess if you had some custom code that needed to be run in a specific way then you would have your own custom docker image and use that.

My CloudBuild Lab

So I have a few Terraform configs and modules but I wanted to see how I could go about using my Minecraft config and how much quicker it would be via CloudBuild, also if you haven’t read / watched my Minecraft Terraform build you can find it here.

So below is my Terraform config that will launch my Minecraft environment, as you can see I don’t have a credentials file since this is been run directly in Google Cloud I can use the CloudBuild service account.

provider "google" {
  project     = "${var.project_name}"
  region      = "${var.region_name}"
  zone        = "${var.zone_name}"

//Aditional HDD
resource "google_compute_disk" "default" {
  name = "minecraft-disk"
  type = "pd-ssd"
  zone = "${var.zone_name}"
  physical_block_size_bytes = "16384"

//Static IP
resource "google_compute_address" "static-ip-address" {
  name = "mcs-ip"
//Create VM
resource "google_compute_instance" "default" {
  name = "${var.instance_name}"
  machine_type = "${var.machine_type}"

  boot_disk {
      initialize_params {
          image = "${var.instance_image}"
  attached_disk {
      source = "${google_compute_disk.default.self_link}"
  network_interface {
      network = "${}"
      subnetwork = "${var.subnetwork}"
      access_config {
          nat_ip = "${google_compute_address.static-ip-address.address}"

  metadata = {
      startup-script = <<SCRIPT
      mkdir -p /home/minecraft
      mkfs.ext4 -F -E lazy_itable_init=0,lazy_journal_init=0,discard /dev/disk/by-id/google-minecraft-disk
      mount -o discard,defaults /dev/disk/by-id/google-minecraft-disk /home/minecraft
      apt-get update
      apt-get install -y default-jre-headless
      cd /home/minecraft
      java -Xms1G -Xmx3G -d64 -jar server.jar nogui
      sed -i 's/false/true/g' eula.txt
      java -Xms1G -Xmx3G -d64 -jar server.jar nogui

//Network creation
resource "google_compute_network" "vpc-network" {
    name = "${var.instance_network}"
//firewall rules
resource "google_compute_firewall" "default" {
    name = "allow-mcs"
    network= "${}"
    allow {
        protocol = "tcp"
        ports    = ["25565"]
    source_ranges = [""]

resource "google_compute_firewall" "defaultssh" {
    name = "allow-ssh"
    network= "${}"
    allow {
        protocol = "tcp"
        ports    = ["22"]
    source_ranges = [""]

resource "google_storage_bucket" "default" {
    name     = "nlwilkingminecraftstoragebucket2019"

So for me to run this via CloudBuild I needed to tell CloudBuild how to handle it, and that is done via a cloudbuild.yaml file.

# 1. Fetch the source code
- name:
  id: build-repo
  args: ['clone', '']

# 2a. Set up GCS & BQ etc. using public terraform Docker image
- name: hashicorp/terraform
  id: terraform-init
  args: ['init']
  dir: '.'

# 2b. Create the GCS bucket using Terraform
- name: hashicorp/terraform
  id: terraform-plan
  args: ['plan']
  dir: '.'

# 2b. Create the GCS bucket using Terraform
- name: hashicorp/terraform
  id: terraform-apply
  args: ['apply', '-auto-approve']
  dir: '.'

So from what you can see above, a number of things are going to happen.

  1. It grabs the source code from my Repo
  2. It builds a Docker instance running Terraform
  3. It runs a Terraform init
  4. It Runs a Terraform plan
  5. It runs a Terraform apply with the auto approve flag.
Cloud Build

CloudBuild lists the steps that are run and will give you some good feedback if something breaks.

What’s so good about using CloudBuild?

CloudBuild makes it easy to manage your build, and you don’t need to worry about having to pull your code from your repo to run it, as well as managing .JSON credentials as it’s all run under a service account, another cool thing I’ve done is made a backend which stores my state file in Google Cloud Storage so that my state is always protected, which was always a concern when running things local.

You are not limited to just GitHub either as it supports Googles source repos and Bit bucket.

I’m going to make a video about to later on to really show it off, but until then here’s a good video to watch.

0 0
0 %
0 %
0 %
0 %
0 %

Leave a Reply

Your email address will not be published. Required fields are marked *