turbzcoding

Terraform Google Cloud: Making VM instance IP public

I have been struggling with this for a couple of hours now, so I thought I might as well ask for proper help. I am trying to provision a VM instance with a public IP, but it doesn't seem to work. After provisioning, the browser reports ERR_CONNECTION_REFUSED when I navigate to the IP. I have read through the docs, but could not find anything useful. Here is my large config:

# Google provider: project, region and zone all come from input variables.
# NOTE(review): `credentials` reads a service-account key file from disk. A
# long-lived key is a secret that has to stay out of version control and CI
# logs; where possible leave `credentials` unset and let the provider use
# Application Default Credentials or service-account impersonation instead.
provider "google" {
  credentials = file("...")

  project = var.gcp_project_id
  region  = var.gcp_region
  zone    = var.gcp_zone
}

# Random suffix for resource names: 2 random bytes, read below as `.hex`.
resource "random_id" "name" {
  byte_length = 2
}

locals {
  # Resource names built from a fixed prefix plus the random hex suffix from
  # random_id.name. (No name_override / name_prefix input is referenced here.)
  private_network_name = "test-private-network-${random_id.name.hex}"
  # NOTE(review): private_ip_name is not referenced by any resource visible in
  # this configuration; confirm it is still needed.
  private_ip_name      = "test-private-ip-${random_id.name.hex}"
}

# IP ADDRESS
# Reserved regional static address. No address_type is set, so the provider
# default (an external address) applies; the VM's access_config consumes it
# as nat_ip, which is what makes the instance reachable from the internet.
resource "google_compute_address" "ip_address" {
  name    = "test-ip-${terraform.workspace}"
  project = var.gcp_project_id
  region  = var.gcp_region
}

## Private network
# VPC network that the firewall rules and the VM attach to.
# auto_create_subnetworks is not set, so the provider default applies and the
# network is created in auto mode (one subnet per region). Despite the
# "private" name, nothing here stops instances from receiving external IPs.
resource "google_compute_network" "test_network" {
  name     = local.private_network_name
  provider = google
}

# HTTP RULE
# Ingress rule for instances tagged test-http-<workspace>: TCP 80, 5433, 8000,
# 9540 and 9808 from any IPv4 source.
# NOTE(review): only port 80 is plain HTTP. The other four ports are opened to
# the whole internet by the same rule; confirm each is meant to be public and
# move the ones that are not into a rule with a narrower source_ranges.
resource "google_compute_firewall" "test_http" {
  name      = "test-http-${terraform.workspace}"
  project   = var.gcp_project_id
  network   = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority  = 1000

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["test-http-${terraform.workspace}"]

  allow {
    protocol = "tcp"
    ports    = ["80", "5433", "8000", "9540", "9808"]
  }
}

# HTTPS RULE
# Ingress rule for instances tagged test-https-<workspace>: TCP 443 from any
# IPv4 source. Public exposure is the expected setting for a web endpoint.
resource "google_compute_firewall" "test_https" {
  name      = "test-https-${terraform.workspace}"
  project   = var.gcp_project_id
  network   = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority  = 1000

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["test-https-${terraform.workspace}"]

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
}

# SSH RULE
# Ingress rule for instances tagged test-ssh-<workspace>: TCP 22 from any IPv4
# source, at the lowest-precedence priority used in this file (65534).
# NOTE(review): SSH open to 0.0.0.0/0 attracts constant credential guessing.
# Prefer limiting source_ranges to the administrators' addresses or to an
# access proxy / bastion range, and keep password logins disabled on the VM.
resource "google_compute_firewall" "test_ssh" {
  name      = "test-ssh-${terraform.workspace}"
  project   = var.gcp_project_id
  network   = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority  = 65534

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["test-ssh-${terraform.workspace}"]

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}

# ICMP RULE
# Ingress rule for instances tagged test-icmp-<workspace>: all ICMP from any
# IPv4 source (lets the VM answer ping from the internet).
resource "google_compute_firewall" "test_icmp" {
  name      = "test-icmp-${terraform.workspace}"
  project   = var.gcp_project_id
  network   = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority  = 65534

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["test-icmp-${terraform.workspace}"]

  allow {
    protocol = "icmp"
  }
}

# INTERNAL RULE
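# Ingress rule for instances tagged test-internal-<workspace>: every TCP port,
# but only from addresses inside the VPC.
#
# The original rule used source_ranges = ["0.0.0.0/0"], which made this
# "internal" rule expose all 65536 TCP ports of the tagged VM to the internet
# and made the narrower per-port rules in this file irrelevant.
# 10.128.0.0/9 is the range auto-mode VPC networks allocate their subnets from;
# google_compute_network.test_network does not set auto_create_subnetworks, so
# it is created in auto mode. Replace the range with the actual subnet CIDRs if
# the network is ever switched to custom subnets.
resource "google_compute_firewall" "test_internal" {
  project   = var.gcp_project_id
  name      = "test-internal-${terraform.workspace}"
  network   = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority  = 65534

  allow {
    protocol = "tcp"
    ports    = ["0-65535"]
  }

  # Internal sources only; never 0.0.0.0/0 for an allow-all-ports rule.
  source_ranges = ["10.128.0.0/9"]

  target_tags = ["test-internal-${terraform.workspace}"]
}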

# RDP RULE
# Ingress rule for instances tagged test-rdp-<workspace>: TCP 3389 from any
# IPv4 source.
# NOTE(review): the only instance in this configuration boots an Ubuntu image,
# so an RDP rule looks unnecessary; confirm it is needed. If it is, restrict
# source_ranges to known administrator addresses rather than 0.0.0.0/0.
resource "google_compute_firewall" "test_rdp" {
  name      = "test-rdp-${terraform.workspace}"
  project   = var.gcp_project_id
  network   = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority  = 65534

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["test-rdp-${terraform.workspace}"]

  allow {
    protocol = "tcp"
    ports    = ["3389"]
  }
}

# Redis RULE
# Ingress rule for instances tagged test-redis-<workspace>: TCP 6379 from any
# IPv4 source.
# NOTE(review): this publishes Redis to the internet. Redis is designed to be
# reached by trusted clients only, and an instance without authentication and
# TLS gives any caller read/write access to its data. Restrict source_ranges
# to the client networks that actually need it (or drop the rule if clients
# live in the same VPC), and require authentication on the server.
resource "google_compute_firewall" "test_redis" {
  name      = "test-redis-${terraform.workspace}"
  project   = var.gcp_project_id
  network   = google_compute_network.test_network.self_link
  direction = "INGRESS"
  priority  = 1000

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["test-redis-${terraform.workspace}"]

  allow {
    protocol = "tcp"
    ports    = ["6379"]
  }
}


# test COMPUTE ENGINE INSTANCE
# The VM itself. Its network tags are what attach the firewall rules in this
# file to it: a rule applies only if one of its target_tags appears in `tags`.
resource "google_compute_instance" "vm_instance" {
  name         = "${var.app_name}-vm-${terraform.workspace}"
  project      = var.gcp_project_id
  zone         = var.gcp_zone
  machine_type = var.gcp_machine_type

  # All seven rule tags are attached, so every port those rules allow is
  # reachable on this instance.
  tags = [
    "test-ssh-${terraform.workspace}",
    "test-http-${terraform.workspace}",
    "test-https-${terraform.workspace}",
    "test-icmp-${terraform.workspace}",
    "test-internal-${terraform.workspace}",
    "test-rdp-${terraform.workspace}",
    "test-redis-${terraform.workspace}",
  ]

  boot_disk {
    auto_delete = true

    initialize_params {
      # NOTE(review): pinned to one dated image build. Pinning is reproducible,
      # but the VM starts without any OS patches released after that build
      # unless the startup script or a patch job applies them.
      image = "ubuntu-2004-focal-v20210927"
      size  = 500
    }
  }

  # Interface on the VPC. The access_config block is what gives the VM a public
  # address: it binds the reserved static IP as the external NAT address.
  network_interface {
    network = google_compute_network.test_network.self_link

    access_config {
      nat_ip = google_compute_address.ip_address.address
    }
  }

  # Stored in instance metadata and executed at boot, so it must not contain
  # secrets. If the public IP refuses connections, check this script's output
  # (serial console log) to confirm the service actually started and listens
  # on the expected port and on a non-loopback address.
  metadata_startup_script = file("startup.sh")

  # No `email` is given, so the provider attaches the project's default Compute
  # Engine service account; access is limited here to read-only Cloud Storage.
  # NOTE(review): a dedicated least-privilege service account is preferable to
  # the default one.
  service_account {
    scopes = ["storage-ro"]
  }
}

Thanks a lot!


Answers (1)

dany L

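SSH into your VM and run `curl localhost`. If you get a 200 response, nothing is wrong with your VM or web server. Note that ERR_CONNECTION_REFUSED (as opposed to a timeout) usually means the request reached the VM but nothing was listening on that port or on the external interface, so also check which address and port the server binds to.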

Your next step is to check firewall and tags. Check whether your firewalls are actually targeting your instances.

The error you are seeing is documented here. In case you have nothing installed in your VM you can also check the apache server example in the same documentation.
