GCP, terraform is installed on GCP project-A 'test-instance' instance, using terraform code, how to deploy/create instance on project-B?

Question

GCP, terraform is installed on GCP project-A 'test-instance' instance, using terraform how to deploy instance on project-B ?

I was able to do it using gcloud command, does anyone knows how to do it ?

provider "google" {
  project = "project-b"
  region = "us-central1"
  zone = "us-central1-c"
}

resource "google_compute_instance" "vm_instance" {
  name = "terraform-instance"
  machine_type = "f1-micro"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }

  network_interface {
    # A default network is created for all GCP projects 
    network = "default"
    access_config {}
  }
}

Answer 1

The problem you are facing is around access control. You are trying to run terraform from a VM lives in Project-A and terraform code wants to create a new VM (or other resource) in Project-B.

By default, service account attached to Project-A VM does not have enough rights to create any resource in Project-B. To solve this, you can create a service account at Folder level (or Org level) which has permissions to create VM in required projects and then you can attach that service account to the VM which runs terraform.

Hope this helps.

Answer 2

I suggest you use Terraform Variables using .tfvars files and multiple Terraform Workspaces. You can then switch between workspaces and apply the tfvars for each particular project separately.

e.g.

# variables.tf

variable "project_id" {
  type        = string
}

And then use the variable in your terraform config:

# main.tf

provider "google" {
  project = var.project_id
  region = "us-central1"
  zone = "us-central1-c"
}

The tfvars will then look like this:

# vars/dev.tfvars

project_id = "my-dev-project"

Full invocation within your workspace (see the docs) can then be done using plan/apply as you would normally do:

terraform workspace select dev

terraform plan -var-file vars/dev.tfvars