Reputation: 31620
How do I delete and replace the default GCP vpc with terraform?
Google recommends deleting and creating your own VPC for prod
This resource manages the default VPC: https://www.terraform.io/docs/providers/aws/r/default_vpc.html
But I want to set a different VPC to be the default and delete the auto created one.
How is this possible?
Upvotes: 3
Views: 7614
Answers (4)
Reputation: 13
Setting property auto_create_network = "false" and mentioning a billing account ID, while creating a GCP project as in the below code snippet, ensures that default network gets deleted.
resource "google_project" "project" {
name = "test"
project_id = "test-523"
billing_account = "xxxxx"
auto_create_network = "false"
}
Upvotes: 1
Reputation:
You can avoid/skip the default network creation by setting an Organization Policy Constraint.
gcloud resource-manager org-policies enable-enforce \
constraints/compute.skipDefaultNetworkCreation \
--organization ORGANIZATION_ID
more details in Organization Policy Constraints and Using boolean constraints in organization policy
Upvotes: 7
Reputation: 1520
The default network does not have any specific configuration that makes it be the default network. It is just the one network that is always created together with a new project, and whenever a network is not specified (for instance, when deploying a GAE flex application), the network used will be the one with the name default. When you create a project with Terraform, you can specify auto_network_creation = "false".
However, this will not prevent the creation of the default network, it will just delete it before the project is fully created. This means that, during the Terraform creation, it is not possible to create another network called default. That must be done after the original default network is created, hence, after the project creation.
You can try creating projects with Terraform using this tutorial. The next snippet is part of the tutorial, in which I included the line to delete the default network on project creation.
variable "project_name" {}
variable "billing_account" {}
variable "org_id" {}
variable "region" {}
provider "google" {
region = "${var.region}"
}
resource "random_id" "id" {
byte_length = 4
prefix = "${var.project_name}-"
}
resource "google_project" "project" {
name = "${var.project_name}"
project_id = "${random_id.id.hex}"
billing_account = "${var.billing_account}"
org_id = "${var.org_id}"
auto_create_network = "false" //This is supposed to delete default network on project creation
}
resource "google_project_services" "project" {
project = "${google_project.project.project_id}"
services = [
"compute.googleapis.com"
]
}
output "project_id" {
value = "${google_project.project.project_id}"
}
Nonetheless, I have tried it myself and the default network was still there.
Upvotes: 4
Reputation: 402
As in Terraform you describe desired state of your configuration it is not possible to implicit send "destroy request" to a resource that is not managed by Terraform.
However you could try importing it firstly then it will be managed by Terraform and as you do not include it in your *.tf files the default subnet should be deleted during terraform apply step.
Upvotes: 1
Related Questions
- Terraform is using wrong google project
- Terraform GCP Backend
- Terraform gcloud
- Unable to create gcp vpc using terraform
- Can't remove Google Cloud project
- Can't figure out the Terraform configuration equivalent for creating address for VPC Peering and networking service for GCP
- Terraform GCP VPC peering
- Terraform always tries to replace gcp compute instance without changes
- Create instance using terrafrom from GCP marketplace
- Where is the key?