Learn Terraform with Google Cloud Platform – Infrastructure as Code Course

**Deploying a Website to GCP using Terraform**

In this project, we deployed all the resources necessary using Terraform to Google Cloud Platform (GCP). The goal was to host a website on GCP and make it accessible via a custom domain. We started by initializing our Terraform project with `terraform init`, which sets up the necessary files and folders.

Next, we created a new Terraform configuration file called `main.tf` that defined all the resources needed for our website. These included five key components: a backend bucket to store our website's static files, a load balancer to distribute traffic to our website, a Cloud CDN to improve performance, a cloud storage bucket to store our website's files, and a DNS record set to point our custom domain to the load balancer.

The `main.tf` file was used to create these resources, and we ran `terraform apply` to deploy them to GCP. The process took some time, but eventually, all five resources were created successfully.

To verify that our website was working as expected, we accessed its URL by navigating to the IP address of the load balancer and adding `/index.html` to the end. This worked perfectly, and we could see our website being served by the load balancer.

The next step was to create a DNS record set for our custom domain, `gcp.reship.cloud`. We used Terraform's `resource` keyword to create this resource, which pointed to the IP address of our load balancer. This completed the deployment of our website on GCP.

However, we didn't quite finish yet. To enable HTTPS or SSL encryption for our website, we needed to add a Google Compute Managed SSL Certificate. We created this certificate using Terraform's `resource` keyword and specified the domain name `gcp.reship.cloud`. While this was set up, it would take some time for the SSL certificate to be provisioned.

Fortunately, we could test that our website was working as expected with HTTPS by navigating to its URL in a web browser. This worked perfectly, and we could see our website being served over Port 443 with an SSL certificate.

**Cleaning Up**

Finally, when we were finished with our project, we used `terraform destroy` to clean up all the resources that had been created. This command deleted nine resources, including the backend bucket, load balancer, Cloud CDN, cloud storage bucket, and DNS record set. It also took care of deleting the Terraform state files.

**Best Practices**

One important thing to note is that you should never push your API keys or service credentials to a public GitHub repository. Instead, you should add them to your Git ignore file or store them securely elsewhere. This ensures that only authorized personnel have access to your GCP account.

For future reference, we also created a sample `gitignore` file that includes Terraform state files and other sensitive data. You can find this file on our GitHub repository, which is linked in the description below.

In conclusion, this project demonstrated how to deploy a website to GCP using Terraform. We learned about the different components required for a basic website deployment, including load balancers, Cloud Storage buckets, DNS record sets, and SSL certificates. We also explored some best practices for securing our API keys and sensitive data in GCP.

"WEBVTTKind: captionsLanguage: endive into the world of infrastructure as code with this Hands-On course by rishabh Kumar who will guide you through the essentials of deploying a website on Google Cloud platform using terraform through this course you'll gain hands-on experience deploying a fully functional website on Google Cloud platform you'll learn to write terraform code manage Cloud resources and handle custom domain configurations all while understanding the principles of effective and efficient infrastructure management by the end of this course you'll be well equipped with the Knowledge and Skills to leverage terraform in creating and managing scalable and automated infrastructures on the cloud so let's begin today I'll talk about the famous infrastructure as code tool known as terraform and will deploy a website to gcp which is the Google Cloud platform and if you are not familiar with infrastructure as code it is one of the important devops principle which allows you to deploy your infrastructure to any of the cloud providers using a code file which makes automation easy so let's dive into what we'll be needing today so for the requirements first of all you need a gcp account which would allow you to deploy resources to the Google Cloud platform you'll also need terraform installed on your Dev machine and since we'll be deploying a website you need a domain name that we can point our website to and at last we also need the gcloud CLI installed and authenticated on our Dev machine going over the architecture diagram this is what we'll deploy today so if any of the users try to visit our website Cloud DNS which is a gcp service we'll handle that request of whatever our domain name is or go to the CDN which is again gcp service known as content distribution Network and then we'll be using a cloud load balancer to forward those requests to cloud storage where we will have a bucket containing our website content so this is the architecture diagram gives you kind of an overview of all the resources that we'll be needing today in gcp to deploy our website so before we start with any terraform code I want to make sure you have your Google Cloud account set up so if you haven't created an account you'll need an account with active billing even though the cost for this project will be minimal since we are using Google Cloud Storage to store our website content couple of cents for that per month but you can incur charges for your load balancers as we saw in the architecture diagram that being said you still get some credits you also get a free tier from Google Cloud so for your Google account what you want to do is in order to manage the resources efficiently you have projects in Google Cloud so you can go ahead and create a new project after you have created your account for you to deploy the infrastructure so I have created a YouTube Project here as you can see and have selected that Google Cloud gives a random project ID or you can choose your own project ID and I have selected that as my project for today's course now there are a few apis that you have to make sure are enabled so you need Cloud DNS API since we'll be using a domain name you also need compute engine API since we'll be using the load balancer and you also need IIM API and I'll tell you why in order to enable these apis on your home page of the project you can see there's quick access menu and you have API and services if you click on that you'll be able to enable different apis and services so you can search for cloud DNS API and as you can see it shows up the cloud DNS API on my project it's already enabled but if you don't have it enabled here will be a button saying enable this API similarly if we search for compute engine API for our load balancer we can enable that too and then last but not the least is IM API so make sure all these apis are enabled and we need these in order to proceed with our project today so after we have done that what I'll do is create a service account for terraform to authenticate to Google Cloud since we'll be using terraform to deploy our infrastructure for our website it needs a way to authenticate to Google Cloud to deploy that infrastructure and the way it does that is through a service account there is a documentation available from Google Cloud on how to create a service account and I'll make sure it's linked down in the resources below but I'll just show you how you can create one so if we go to service account which is available in IIM and admin and if you go to service accounts you'll see that I have two service accounts here let's click on create a service account and now you can name this accordingly so let's name it free code Camp Dash terraform and then Google Cloud will also sign it a service account ID and you can put in the description saying terraform gcp and then you can click on Create and continue where It'll ask which role you want to assign so I highly suggest you fine grain the access that you provide the service account since I showed in the architecture diagram that will be using Cloud DNS CDN load balancing and cloud storage you can limit the access for this service account only for those Services by searching for those Services here but for the purposes of this demo I'm just gonna go with basic and click owner but you can see there is a message saying full access to most Google Cloud resources see the list of included permissions if by mistake you expose your service key which will generate and store today for our terraform project if you expose it publicly you have the risk of individuals having access to your entire Google Cloud account so make sure you have fine-grained your access to this service account but I'll choose owner for the purposes of this demo so I have given the owner access and now we can click on done and you can see it generated a service account called free code Camp terraform so now we'll need an API key for this service account and how you can do that is by clicking on Keys click on ADD key create new key and let's go with the Json format it's also the recommended format by Google Cloud if you click on create what I'll do is ask you to save the key locally on your machine let's do that and then once we get to the terraform part of this where terraform needs to authenticate and deploy infrastructure to gcp I'll show you how you can use this API key but yeah this was how you can create a service account and we also created the terraform project inside gcp and we needed to enable Cloud DNS compute engine and IM API now let's go with second requirement that was installing terraform so I'm on the official terraform website from hashicorp and installing terraform on Mac OS is pretty easy you can just use Homebrew by typing the command Brew tab hashicorp tab and then Brew install hashicob slash tab slash tariff so let's go ahead and do that let's copy the First Command and go to our terminal paste it and let's copy the second command which will install terraform and there we go so I already had terraform 1.4.6 installed which is up to date so that's why you're seeing that message but in your case if you don't have terraform installed Brew will go ahead and install it for you so now let's start writing some code what I'm gonna do is go to the right directory on my Dev machine here and then create a new directory called terraform with gcp and let's open that up in vs code okay so I have the directory open here in vs code and as you can see it's an empty directory so let's start with creating a folder for our infrastructure and let's name it infra I'll start with the fundamental terraform file that we need which is usually named as main.tf and this is where most of our terraform code will go but we also need to pull the provider gcp from terraforms registry and I'll show you how you'll do that and the best practice is to have it not in main.tf but another file called provider.tf so let's do that right now as we are starting so provider.tf and we'll bring the gcp provider in this terraform file so let's start writing some HCL so I'm just going to make a comment here saying gcp provider on the top and then what we are going to do is pull that Provider from the terraform registry so provider and then we'll go with Google as our provider and we also need to specify some config for this provider first off it is the credentials so this is where our service account which we created before will come in which will allow us to authenticate to gcp and a project so what project should the infrastructure be deployed in and as you can see I'm using VAR here which stands for variable which basically means it allows us to assign variable values and not hard code it into the provider column here so let's go with gcp under project and you can name your variables accordingly and last one is region which for me the nearest One Is Us East one but we'll Define that in the variable files that you'll see later and there we go so we have our gcp provider pulling in into provider.tf let's go back to main.tf and let's start with creating a cloud storage bucket where all of our website code will exist so let's start with a comment saying bucket to store website and then let's create resource and you can do that by typing resource and let's go with storage underscore bucket and let's call it website since we'll be using it as a website hosting so there we go we created a resource called bucket and then provider you can specify that if you're using multiple providers in your provider.tf file or you can leave it if you only have one provider which is in our case so let's go ahead and delete it so now let's name our bucket and again you can use a variable here but I'll just go and name it example website by rishab that's a long name I feel like it'll be unique make sure you choose a bucket name that's unique because they need to be globally unique as per the instructions by gcp and then location is us for our bucket so we have just created our first resource in the terraform file mind you it hasn't been deployed yet and you'll see how you can do that later but let's go ahead and we'll need a index.html file that will upload to this bucket and I'm gonna cheat here a little bit I already have index.html that contains my Social Links like Twitter GitHub LinkedIn Instagram and I can show you locally here but I'm gonna use that and upload it to this bucket so let's create a folder here in our root directory called website and in that website directory I'll have an index.html and this will serve as our code for the website okay so this is the index.html I was talking about I can show you locally here how it looks like how the website is so I have a local server running and if I go to localhost code 5500 you'll see the website so this is the website that I was talking about nothing fancy simple index.html with some Social Links for myself and remember if you're using gcp cloud storage bucket to store your to host your website it needs to be static it can have JavaScript and CSS but you can't host a dynamic website on cloud storage so there we go we have a simple website that will deploy to gcp using terraform and now let's come back to our terraform file and upload this index.html from local storage to our bucket and how you do that is by creating resource for object so items in a bucket are known as objects so let's do that I'll create a comment saying upload e HTML file to the bucket and let's create that resource so resource and then we'll be using Google storage bucket object and we'll name it static underscore site underscore source and now let's name the object itself so this name represents what the object will be called in the bucket and not locally and now we can Define The Source where this object is being uploaded from so in our case it's the root directory and then website and then index.html and you also have to specify which bucket you want to upload this to and I'll show you how you can use in order to use our website bucket that we created on top we can just go ahead and do dot website dot name so that we don't have to hard code it I'll just grab whatever the bucket name is which is example Dash website Dash by Dash reship this helps because if you used a variable here and you created a different bucket name your code will not be broken if you're hard coding it here so that's how you do that in terraform and one key thing to remember is since we'll be hosting a website are objects in the bucket need to be public so let's go ahead and do that by defining an object access control so let's do that before we upload the object so make new objects public and since I won't be using this bucket for anything else I'm fine with having my index.html publicly accessible but make sure you know what you're doing don't upload sensitive information to a public bucket so resource and then this time we are creating an object access control so Google Google storage object Access Control and we'll name this public underscore rule so by now you might have realized that first we have the resource which the terraform will call to the provider's API so this is all defined by the gcp provider how to create a storage bucket how to create a storage object so all of this naming convention is predefined by the gcp provider and you can read about it in the gcp provider documentation available on terraform's website whereas the second part of the resource syntax is the name that you're giving to this resource in the terraform file so this is not the name that will be on gcp but it's the name that terraform knows it has and then gcp itself will have this bucket name that we defined for that resource so just trying to explain the syntax of terraform so now we are creating the object Access Control let's go ahead and Define our object here so again we'll be using the index.html name but we can do is Google storage underscore bucket underscore object dot static site source and Dot name so that we are not hard coding the name and then same thing for our bucket dot website dot name so now you can kind of relate why this name here in the double quotes is a reference in terraform but not the actual name of the bucket because we can repurpose it in different blocks later when we are creating resources that are dependent on the initial resource will give the role to through this ACL as reader and the entity which can be a user a single user a group in our case I want it to be public so all users and there we go so far we have created three resources in our main.tf one of them is the storage bucket where we'll store our website contents the next one is a storage object access control which allows the objects in the bucket to be public since we want people on the internet to be able to access our website and then the third resource in our main.tf is uploading the index.html file from our website directory to the gcp cloud storage bucket so remember I showed you how to create a service account and an API key in gcp for our terraform project to be able to authenticate we will use that key now so what I want you to do is copy that key that you downloaded then to your project directory right now so I'm gonna do that as well so in my route of the project directory I'm just gonna paste the key and as you can see the Json key that I downloaded is now in the root of my project now we will use this key to authenticate terraform to gcp to deploy resources and that's where you can see how you know we had this segment in our provider.tf where it says credentials use file and then we are referring to a variable called dot gcp underscore service underscore key so let's create variables.tf in our infra folder and here we will declare the variables we need to have for our project which we haven't done yet even though we were specifying it in the provider.tf so let's go ahead and do that the first variable is gcp service key so gcp underscore service underscore key and I'm going to leave the other arguments blank for now the next variable is gcp project and the last one is gcpe region and again I'm Gonna Leave the arguments for these variables blank for now so let's save that and there are multiple ways you can assign these variables the values so you can either do it during running the terraform CLI command or you can provide with the TF vars file so let's go ahead and create that too let's name it terraform.tf Wars so let's for an example let's say you wanted to deploy this to a Dev environment in your gcp and you had a different project so you will specify the details of the dev environment in this terraform.tfrs and similarly you will have a different TF Wars file for production environment which you can call prod.tf Wars and that would have you know project ID of production environment region of production environment and a service key that allows access to the production project instead of the dev ones so you can see how you can use the dot TF Wars file in you know different cases so in our case since we only have one environment let's go ahead and assign those variables value so the gcp service key is the first one which allows us to authenticate terraform to gcp so that it can deploy infrastructure and I'm gonna copy the name of my service key here and paste it so now I have my service key next variable was gcp project and it's literal Academy 314813 and you can find your project ID in the gcp console which we created in the beginning of this course so if you go to your console in browser and if you click on projects remember I created Youtube and you can get the ID of that project from this screen so going back to TFR files let's go with gcp region which is the last variable I am closest to us East so I'm gonna use Us East today to deploy my website so there we go we have assigned the variables that we defined in variables.tf some values according to our need and I'll save that file and let's go back to main.tf and now let's deploy the bucket and see if our terraform code works so right now what I'm doing is since we have the code for cloud storage all figured out in terraform let's try deploying this and see if we have an object called index.html in our bucket in a cloud storage so what I'm going to do is open up the terminal let's clear the screen and now let's go to the directory of my project which is called terraform with gcp and now let's change the directory to infra because that's where our terraform files are and now in order to initiate the terraform project you have to do terraform init so this will generate some boilerplate files that are needed like the state file and I'll explain what it does so let's do terraform in it it will also go and check the provider that we are using so in our case we are using hashicops Google Provider from their registry and you can see it's installing that provider and we can also see that terraform has been successfully initiated so if I go back to my code editor we'll see a bunch of files that were created in a directory called dot terraform was created this is where the state files will exist and what I mean by state is once we deploy our bucket now let's say we want to destroy it or we change something in our main.tf it'll remember the infrastructure State the last time we did a terraform apply so let's say we add load balancer and we add Cloud CDN and Cloud DNS it will not create the bucket again because it already had done that and you'll see this once we do terraform apply since it can remember the state of the infrastructure it will not deploy the bucket again but would just deploy the changes which is adding Cloud DNS Cloud CDN and load balancer so that's what all these files are let's go back to our terminal and do terraform plan so terraform plan basically tells you what all resources would be deployed so it won't actually deploy the infrastructure but just give you an idea of what all resources will be deployed to gcp in our case so you can see there's the bucket there's the index.html and then there is the object Access Control public rule that we created So the plan says three to add zero to change and 0 to destroy so this is what I meant by state now let's do terraform apply yes so it went ahead and added all those three resources now if we go back to my Google Cloud console and we navigate we navigate to cloud storage we should see a bucket named example website so search for cloud storage and you can see we have an example website by reshope that was just created so let's click on that it has an object called index.html which is according to the public access it is public to the internet so let's open that it has a public URL let's try to visit that and there we go that was the website we had locally right so this is localhost Port 5500 that I showed you in the beginning the index.html that I created and this is on the Google Cloud Storage so our site is basically live but we are still accessing the object directly from the storage what I would like to have is a load balancer in front and Cloud CDN which will help us with caching the content of our website and DNS which would give our site a more friendly domain name so yeah we have been successful in deploying the three resources we defined in our main.tf now let's move forward with the load balancer CDN DNS so let's go ahead with the next part of our architecture which will be using the load balancer and one thing with load balancer is that you will be given an IP address and I want to make sure that IP address is static not Dynamic so what I'll do is reserve an external IP before I create the load balancer so let's go ahead and do that so I'm gonna make a comment saying reserve a static external IP address and then what I'll do is create that resource so resource and the way you create an external IP is Google underscore compute underscore Global underscore address and then we'll call this website underscore IP so the name can be and this is the name that will go in gcp so website let's put lb which stands for load balancer and then IP and we are good so that gives us an IP that will be reserved for us that we'll use later in our load balancer also so the way I have set up my DNS zone I'll show you in gcp so since we are talking about IP address for our load balancer let's also go over how we will configure the domain name so what you have to do in order to configure the domain name is you have to first enable the cloud DNS service you can already see that I have a Zone name reshap Dash example and it has a DNS name gcp.reshup.cloud so you could have any domain name service provider like namecheap or Google domains or Route 53 but what you will have to do is either transfer that domain name to Cloud DNS or you can create a zone for a subdomain so let's say I want to create a zone for this project called terraform Dash gcp the DNS name that I own is reship.cloud so I'll create a sub domain here called test.reship.cloud and then for the other settings you can leave it default and click on create so what it'll give you is a list of name servers and if you click on the NS record you can see those four name servers that the cloud DNS for gcp uses and what you will have to do is go into your domain name server service provider so namecheap or Route 53 and create this record with the DNS name test Dot reship.cloud and the type being name servers which is NS and paste all these four values in there the DNS propagation can take some time and that's why I already have the example Zone setup that I'll be using in this project which points to gcp.reshup.cloud so since I already have the DNS Zone created what I want to do here is not to create it but get D managed zone so get the managed DNS Zone and how you can do that is through data so data Google DNS managed Zone and then what the name of that zone will be in this terraform file so let's name that DNS Zone pretty straightforward and now we will get that data from the gcp provider so in my case the DNS Zone was named reship Dash example so just to clarify we are not creating the Zone we are getting it from the Google cloud provider says since it already exists so now let's add that IP address that we reserved to this DNS Zone so add the IP to the DNS so that the name translation happens fine so if we go to website.gcp.reshup.cloud it translates to whatever the reserved IP points to the load balancer and let's name this website so the name that I want is website dot but then I want to use whatever the DNS Zone got us so you can use dollar sign and then curly brackets and you already see the terraform extensions that I have installed is auto populating that DNS Zone name so let's go ahead and type it out instead so data and then I can copy this manage DNS Zone record it's called VNS Zone and at last it's DNS name so there we go the new record that will be created for our reserved IP would be something like website.gcp.reshup.cloud and I could have put in anything in front here it would be xyz.gcp dot reship.cloud so I hope you understand what I'm trying to do here the type since it is an IP address will be a and not a z name and then TTL which is time to live let's go with 300 seconds which is 5 minutes the managed Zone that we will be using again we don't need to hard code it we can just use the zone that we got from gcp earlier and at the end we'll not need DNS name but just the name which is vishub Dash example so instead of hard coding this here I just am relying on terraform to figure it out itself now we have the RR details which is the string data for the records in our case since it's an A type record will be the reserved IP address for the load balancer moving along let's add the bucket as a CDN backup remember we are using a cloud load balancer which will need a back end to serve the content which is our bucket so the resource before the load balancer that we are creating is that backend so Google compute back and bucket and let's call it website Dash backend and let's also name it website backend and then for the bucket name we have the Google storage bucket dot website.name which it will pull up from here so this is the bucket name that it'll get let's also add a description to the to the back end so contains files needed for the website and this is where you also enable CDN so enable CDN is equal to true so this will enable Cloud CDN for us for our backend bucket so we created the backend bucket now let's create a URL map so this is a property in the load balancer which allows us to specify what when a user enters a specific URL path that is being served by the load balancer what it should direct the traffic to in our case it will be the back end bucket that we just created so let's go ahead and do that so resource Google underscore compute URL map and let's name it website of the name can be website Dash URL Dash map the default service that it's going to use is the backend bucket that we build here so you can get the name of that back end is by doing Google underscore compute underscore bucket dot website Dash back-end dot self underscore link and now we have to also specify the host rules so host underscore Rule and this is where you can tell like where the traffic should be pointed to depending on what host the user is asking for so let's say you hosted in this bucket you had images and videos and you wanted the load balancer to manage that the traffic based on the type of content that is being asked for so you would have something like slash images as the path for images and then slash videos for the video content and this property lets you define those rules so for a host I'm gonna go with anything needs to be in double quotes and you also need a path matcher so path matcher for all paths and then we also have to Define that path matcher so path matcher name is equal to all paths and default service is our backend website so so the back end that we created with CDN enabled we need that so it will be dot website Dash backend dot self underscore link so this is where all the paths will lead to which is what I want because we don't have any spec anything specific being hosted on a different path I just want everyone who accesses xyz.reshup.cloud to go to the index.html that is being served by this backend so there we go we have our URL map setup now let's create our load balancer so the resource that we want now is the Google Google compute Target HTTP proxy and let's name it website again and you can name the resources accordingly as you like or if there is a specific naming convention that you follow so let's go ahead and for the actual name in gcp let's call it website Target proxy and then the URL map that we created we want to use that for this target proxy so it'll be Google underscore compute underscore URL underscore map dot website yep so we named it website with entire form so website dot self underscore link so that is the URL map we want to use and now we can go ahead with creating the forwarding rule for our load balancer so let's make a comment saying gcp forwarding rule and then let's create that resource okay so we have the Google compute Global forwarding rule and let's name it default in terraform for the name in gcp let's call it website forwarding root load balancing scheme is gonna be external since we need an external load balancer that listens to internet requests IP address and this is where we will use the IP address that we blocked on the top remember we had a resource that would reserve a static external IP address for us so we'll use that here so we can refer to it in terraform by doing Google compute underscore Global underscore address dot website underscore IP dot address so this will link that reserved IP to our load balancer and then the IP protocol we have to Define is TCP so listen to that Port range so in terms of best practices you should be using Port 443 here and you'll need an additional resource in order to do that is the SSL certificate which you can get from gcp and I can show you the code bit that's required to get the SSL certificate but the SSL certificate creation process can take some time and hence for the purposes of this demo I will not be including the SSL certificate resource itself so that's why I'm using Port 80 so that we have a working website that is being served by a load balancer on our custom domain and Target as you can guess will be our proxy website that we created here so Google compute Target HTTP proxy dot website dot self link so we have all the resources that are necessary to according to the architecture diagram we had so we we have the cloud storage account that we already deployed and we saw we could access the index.html we have the load balancer now we have a backend that is being served by the load balancer which has CDN enabled and we have the DNS that we configured in our main.tf so let's save our main.tf go to our terminal here and do terraform plan we'll see that it plans on adding five resources instead of eight or nine because we already deployed the bucket and we also uploaded the index.html in the previous terraform apply so this is where the state comes in state remembers what all infrastructure has already been deployed from our terraform code and it will not redeploy that again or if we changed the index.html to something else it'll have detected that change and would have said one to change so that's the concept of terraform State file let's go ahead and do terraform apply to deploy our changes to Google Cloud It'll ask you to enter yes if you are willing to deploy these changes let's go ahead and do that and wait for these changes to be deployed okay so we have the apply complete we have added five resources now we can go to our gcp account and look for those resources so the first thing I would love to check is the load balancer so let's go to load balancer there we go so you can see it did create a website Dash URL Dash map which is a classic HTTP load balancer and has a back-end bucket let's go ahead and look at it so this was the IP address that was reserved for us the backend bucket is the example website by rishab which we wanted and the cloud CDN is enabled so basically we have deployed all of the parts of this architecture diagram now what we have to do is see if we can access our website by going to this IP slash index.html so I'm gonna paste that in the URL bar here and there we go we have our website that I wanted to be deployed to gcp being served by the load balancer the next thing to test would be the domain name so if we go back to terraform file and look at our DNS record set it's website Dot and then whatever the domain name I had in gcp which is gcp.reaship.cloud and I can show you here because we should see in Cloud DNS we should see a new record so if I open that up we have website.gcp.reshup.cloud and it is pointing to the IP address of the load balancer that we just visited so now terraform did it part where it created that DNS record and pointed it to the load balancer IP let's just test it out so website.gcp dot reship.cloud index.html and there we go we have our website being served on a custom domain with a load balancer and the cloud CDN and cloud storage as the bucket for our project so that was the project today we deployed all the resources necessary using terraform to gcp the one bit that I want to cover as we're towards the end is is the https or SSL certificate if you want to create the external load balancer that's on Port 443 which is the recommended practice so all of the code for this project is available on GitHub if you ran into some issue and I'll link the GitHub repo in the description below but this is how you can get the https certificate so you have to create a resource called Google compute managed SSL certificate and the domain name for that which you can use the previous resource we created which was website.gcp dot reship.cloud so I have gone ahead and did that but it still needs some time for the SSL so to be provisioned but you can see it is getting an SSL certificate for website.gcp.reship.cloud by which my load balancer would be able to serve traffic over Port 443 so the code will be available on GitHub but that's the way to get an SSL certificate and if you want to clean up your resources you can do that by doing terraform destroy which will delete all the resources that we just added so not only the five resources but also the bucket that we added in the beginning so you can see the total resources to be destroyed are nine so you can do that and clean up your environment this also depends on the state so that's how it knows that it needs to delete nine resources but yeah terraform destroys the command to clean up those resources so yeah the important commands for terraform are terraform init which initializes your project telephone plan which will tell you what it plans on deploying terraform apply which needs a yes argument for it to deploy the infrastructure to your cloud provider and then terraform to destroy which also need a yes argument to destroy all the infrastructure as it is happening right now so all of our nine resources have been destroyed one last thing before you all go wanted to mention is if you plan on hosting your code on GitHub make sure you have added a git ignore to the root of your project and you have added the service key to not be pushed to a public GitHub repository because it's important it's your API key that gives you access to your Google Cloud account so the template for the git ignore includes some terraform State files too and can be found on the same GitHub repository that I've shared in the description so you can copy that for your own git ignore but make sure you have added the service key to the bottom of the git ignore so that was the project we built today we learned about terraform which is an infrastructure as cold tool also great principle in the devops helps you automate all infrastructure things and we also learned how you can host a website in gcp by using load balancer cloud storage and also how to have a custom domain pointed to it I hope this project helped you understand these Concepts and I can't wait to see what you builddive into the world of infrastructure as code with this Hands-On course by rishabh Kumar who will guide you through the essentials of deploying a website on Google Cloud platform using terraform through this course you'll gain hands-on experience deploying a fully functional website on Google Cloud platform you'll learn to write terraform code manage Cloud resources and handle custom domain configurations all while understanding the principles of effective and efficient infrastructure management by the end of this course you'll be well equipped with the Knowledge and Skills to leverage terraform in creating and managing scalable and automated infrastructures on the cloud so let's begin today I'll talk about the famous infrastructure as code tool known as terraform and will deploy a website to gcp which is the Google Cloud platform and if you are not familiar with infrastructure as code it is one of the important devops principle which allows you to deploy your infrastructure to any of the cloud providers using a code file which makes automation easy so let's dive into what we'll be needing today so for the requirements first of all you need a gcp account which would allow you to deploy resources to the Google Cloud platform you'll also need terraform installed on your Dev machine and since we'll be deploying a website you need a domain name that we can point our website to and at last we also need the gcloud CLI installed and authenticated on our Dev machine going over the architecture diagram this is what we'll deploy today so if any of the users try to visit our website Cloud DNS which is a gcp service we'll handle that request of whatever our domain name is or go to the CDN which is again gcp service known as content distribution Network and then we'll be using a cloud load balancer to forward those requests to cloud storage where we will have a bucket containing our website content so this is the architecture diagram gives you kind of an overview of all the resources that we'll be needing today in gcp to deploy our website so before we start with any terraform code I want to make sure you have your Google Cloud account set up so if you haven't created an account you'll need an account with active billing even though the cost for this project will be minimal since we are using Google Cloud Storage to store our website content couple of cents for that per month but you can incur charges for your load balancers as we saw in the architecture diagram that being said you still get some credits you also get a free tier from Google Cloud so for your Google account what you want to do is in order to manage the resources efficiently you have projects in Google Cloud so you can go ahead and create a new project after you have created your account for you to deploy the infrastructure so I have created a YouTube Project here as you can see and have selected that Google Cloud gives a random project ID or you can choose your own project ID and I have selected that as my project for today's course now there are a few apis that you have to make sure are enabled so you need Cloud DNS API since we'll be using a domain name you also need compute engine API since we'll be using the load balancer and you also need IIM API and I'll tell you why in order to enable these apis on your home page of the project you can see there's quick access menu and you have API and services if you click on that you'll be able to enable different apis and services so you can search for cloud DNS API and as you can see it shows up the cloud DNS API on my project it's already enabled but if you don't have it enabled here will be a button saying enable this API similarly if we search for compute engine API for our load balancer we can enable that too and then last but not the least is IM API so make sure all these apis are enabled and we need these in order to proceed with our project today so after we have done that what I'll do is create a service account for terraform to authenticate to Google Cloud since we'll be using terraform to deploy our infrastructure for our website it needs a way to authenticate to Google Cloud to deploy that infrastructure and the way it does that is through a service account there is a documentation available from Google Cloud on how to create a service account and I'll make sure it's linked down in the resources below but I'll just show you how you can create one so if we go to service account which is available in IIM and admin and if you go to service accounts you'll see that I have two service accounts here let's click on create a service account and now you can name this accordingly so let's name it free code Camp Dash terraform and then Google Cloud will also sign it a service account ID and you can put in the description saying terraform gcp and then you can click on Create and continue where It'll ask which role you want to assign so I highly suggest you fine grain the access that you provide the service account since I showed in the architecture diagram that will be using Cloud DNS CDN load balancing and cloud storage you can limit the access for this service account only for those Services by searching for those Services here but for the purposes of this demo I'm just gonna go with basic and click owner but you can see there is a message saying full access to most Google Cloud resources see the list of included permissions if by mistake you expose your service key which will generate and store today for our terraform project if you expose it publicly you have the risk of individuals having access to your entire Google Cloud account so make sure you have fine-grained your access to this service account but I'll choose owner for the purposes of this demo so I have given the owner access and now we can click on done and you can see it generated a service account called free code Camp terraform so now we'll need an API key for this service account and how you can do that is by clicking on Keys click on ADD key create new key and let's go with the Json format it's also the recommended format by Google Cloud if you click on create what I'll do is ask you to save the key locally on your machine let's do that and then once we get to the terraform part of this where terraform needs to authenticate and deploy infrastructure to gcp I'll show you how you can use this API key but yeah this was how you can create a service account and we also created the terraform project inside gcp and we needed to enable Cloud DNS compute engine and IM API now let's go with second requirement that was installing terraform so I'm on the official terraform website from hashicorp and installing terraform on Mac OS is pretty easy you can just use Homebrew by typing the command Brew tab hashicorp tab and then Brew install hashicob slash tab slash tariff so let's go ahead and do that let's copy the First Command and go to our terminal paste it and let's copy the second command which will install terraform and there we go so I already had terraform 1.4.6 installed which is up to date so that's why you're seeing that message but in your case if you don't have terraform installed Brew will go ahead and install it for you so now let's start writing some code what I'm gonna do is go to the right directory on my Dev machine here and then create a new directory called terraform with gcp and let's open that up in vs code okay so I have the directory open here in vs code and as you can see it's an empty directory so let's start with creating a folder for our infrastructure and let's name it infra I'll start with the fundamental terraform file that we need which is usually named as main.tf and this is where most of our terraform code will go but we also need to pull the provider gcp from terraforms registry and I'll show you how you'll do that and the best practice is to have it not in main.tf but another file called provider.tf so let's do that right now as we are starting so provider.tf and we'll bring the gcp provider in this terraform file so let's start writing some HCL so I'm just going to make a comment here saying gcp provider on the top and then what we are going to do is pull that Provider from the terraform registry so provider and then we'll go with Google as our provider and we also need to specify some config for this provider first off it is the credentials so this is where our service account which we created before will come in which will allow us to authenticate to gcp and a project so what project should the infrastructure be deployed in and as you can see I'm using VAR here which stands for variable which basically means it allows us to assign variable values and not hard code it into the provider column here so let's go with gcp under project and you can name your variables accordingly and last one is region which for me the nearest One Is Us East one but we'll Define that in the variable files that you'll see later and there we go so we have our gcp provider pulling in into provider.tf let's go back to main.tf and let's start with creating a cloud storage bucket where all of our website code will exist so let's start with a comment saying bucket to store website and then let's create resource and you can do that by typing resource and let's go with storage underscore bucket and let's call it website since we'll be using it as a website hosting so there we go we created a resource called bucket and then provider you can specify that if you're using multiple providers in your provider.tf file or you can leave it if you only have one provider which is in our case so let's go ahead and delete it so now let's name our bucket and again you can use a variable here but I'll just go and name it example website by rishab that's a long name I feel like it'll be unique make sure you choose a bucket name that's unique because they need to be globally unique as per the instructions by gcp and then location is us for our bucket so we have just created our first resource in the terraform file mind you it hasn't been deployed yet and you'll see how you can do that later but let's go ahead and we'll need a index.html file that will upload to this bucket and I'm gonna cheat here a little bit I already have index.html that contains my Social Links like Twitter GitHub LinkedIn Instagram and I can show you locally here but I'm gonna use that and upload it to this bucket so let's create a folder here in our root directory called website and in that website directory I'll have an index.html and this will serve as our code for the website okay so this is the index.html I was talking about I can show you locally here how it looks like how the website is so I have a local server running and if I go to localhost code 5500 you'll see the website so this is the website that I was talking about nothing fancy simple index.html with some Social Links for myself and remember if you're using gcp cloud storage bucket to store your to host your website it needs to be static it can have JavaScript and CSS but you can't host a dynamic website on cloud storage so there we go we have a simple website that will deploy to gcp using terraform and now let's come back to our terraform file and upload this index.html from local storage to our bucket and how you do that is by creating resource for object so items in a bucket are known as objects so let's do that I'll create a comment saying upload e HTML file to the bucket and let's create that resource so resource and then we'll be using Google storage bucket object and we'll name it static underscore site underscore source and now let's name the object itself so this name represents what the object will be called in the bucket and not locally and now we can Define The Source where this object is being uploaded from so in our case it's the root directory and then website and then index.html and you also have to specify which bucket you want to upload this to and I'll show you how you can use in order to use our website bucket that we created on top we can just go ahead and do dot website dot name so that we don't have to hard code it I'll just grab whatever the bucket name is which is example Dash website Dash by Dash reship this helps because if you used a variable here and you created a different bucket name your code will not be broken if you're hard coding it here so that's how you do that in terraform and one key thing to remember is since we'll be hosting a website are objects in the bucket need to be public so let's go ahead and do that by defining an object access control so let's do that before we upload the object so make new objects public and since I won't be using this bucket for anything else I'm fine with having my index.html publicly accessible but make sure you know what you're doing don't upload sensitive information to a public bucket so resource and then this time we are creating an object access control so Google Google storage object Access Control and we'll name this public underscore rule so by now you might have realized that first we have the resource which the terraform will call to the provider's API so this is all defined by the gcp provider how to create a storage bucket how to create a storage object so all of this naming convention is predefined by the gcp provider and you can read about it in the gcp provider documentation available on terraform's website whereas the second part of the resource syntax is the name that you're giving to this resource in the terraform file so this is not the name that will be on gcp but it's the name that terraform knows it has and then gcp itself will have this bucket name that we defined for that resource so just trying to explain the syntax of terraform so now we are creating the object Access Control let's go ahead and Define our object here so again we'll be using the index.html name but we can do is Google storage underscore bucket underscore object dot static site source and Dot name so that we are not hard coding the name and then same thing for our bucket dot website dot name so now you can kind of relate why this name here in the double quotes is a reference in terraform but not the actual name of the bucket because we can repurpose it in different blocks later when we are creating resources that are dependent on the initial resource will give the role to through this ACL as reader and the entity which can be a user a single user a group in our case I want it to be public so all users and there we go so far we have created three resources in our main.tf one of them is the storage bucket where we'll store our website contents the next one is a storage object access control which allows the objects in the bucket to be public since we want people on the internet to be able to access our website and then the third resource in our main.tf is uploading the index.html file from our website directory to the gcp cloud storage bucket so remember I showed you how to create a service account and an API key in gcp for our terraform project to be able to authenticate we will use that key now so what I want you to do is copy that key that you downloaded then to your project directory right now so I'm gonna do that as well so in my route of the project directory I'm just gonna paste the key and as you can see the Json key that I downloaded is now in the root of my project now we will use this key to authenticate terraform to gcp to deploy resources and that's where you can see how you know we had this segment in our provider.tf where it says credentials use file and then we are referring to a variable called dot gcp underscore service underscore key so let's create variables.tf in our infra folder and here we will declare the variables we need to have for our project which we haven't done yet even though we were specifying it in the provider.tf so let's go ahead and do that the first variable is gcp service key so gcp underscore service underscore key and I'm going to leave the other arguments blank for now the next variable is gcp project and the last one is gcpe region and again I'm Gonna Leave the arguments for these variables blank for now so let's save that and there are multiple ways you can assign these variables the values so you can either do it during running the terraform CLI command or you can provide with the TF vars file so let's go ahead and create that too let's name it terraform.tf Wars so let's for an example let's say you wanted to deploy this to a Dev environment in your gcp and you had a different project so you will specify the details of the dev environment in this terraform.tfrs and similarly you will have a different TF Wars file for production environment which you can call prod.tf Wars and that would have you know project ID of production environment region of production environment and a service key that allows access to the production project instead of the dev ones so you can see how you can use the dot TF Wars file in you know different cases so in our case since we only have one environment let's go ahead and assign those variables value so the gcp service key is the first one which allows us to authenticate terraform to gcp so that it can deploy infrastructure and I'm gonna copy the name of my service key here and paste it so now I have my service key next variable was gcp project and it's literal Academy 314813 and you can find your project ID in the gcp console which we created in the beginning of this course so if you go to your console in browser and if you click on projects remember I created Youtube and you can get the ID of that project from this screen so going back to TFR files let's go with gcp region which is the last variable I am closest to us East so I'm gonna use Us East today to deploy my website so there we go we have assigned the variables that we defined in variables.tf some values according to our need and I'll save that file and let's go back to main.tf and now let's deploy the bucket and see if our terraform code works so right now what I'm doing is since we have the code for cloud storage all figured out in terraform let's try deploying this and see if we have an object called index.html in our bucket in a cloud storage so what I'm going to do is open up the terminal let's clear the screen and now let's go to the directory of my project which is called terraform with gcp and now let's change the directory to infra because that's where our terraform files are and now in order to initiate the terraform project you have to do terraform init so this will generate some boilerplate files that are needed like the state file and I'll explain what it does so let's do terraform in it it will also go and check the provider that we are using so in our case we are using hashicops Google Provider from their registry and you can see it's installing that provider and we can also see that terraform has been successfully initiated so if I go back to my code editor we'll see a bunch of files that were created in a directory called dot terraform was created this is where the state files will exist and what I mean by state is once we deploy our bucket now let's say we want to destroy it or we change something in our main.tf it'll remember the infrastructure State the last time we did a terraform apply so let's say we add load balancer and we add Cloud CDN and Cloud DNS it will not create the bucket again because it already had done that and you'll see this once we do terraform apply since it can remember the state of the infrastructure it will not deploy the bucket again but would just deploy the changes which is adding Cloud DNS Cloud CDN and load balancer so that's what all these files are let's go back to our terminal and do terraform plan so terraform plan basically tells you what all resources would be deployed so it won't actually deploy the infrastructure but just give you an idea of what all resources will be deployed to gcp in our case so you can see there's the bucket there's the index.html and then there is the object Access Control public rule that we created So the plan says three to add zero to change and 0 to destroy so this is what I meant by state now let's do terraform apply yes so it went ahead and added all those three resources now if we go back to my Google Cloud console and we navigate we navigate to cloud storage we should see a bucket named example website so search for cloud storage and you can see we have an example website by reshope that was just created so let's click on that it has an object called index.html which is according to the public access it is public to the internet so let's open that it has a public URL let's try to visit that and there we go that was the website we had locally right so this is localhost Port 5500 that I showed you in the beginning the index.html that I created and this is on the Google Cloud Storage so our site is basically live but we are still accessing the object directly from the storage what I would like to have is a load balancer in front and Cloud CDN which will help us with caching the content of our website and DNS which would give our site a more friendly domain name so yeah we have been successful in deploying the three resources we defined in our main.tf now let's move forward with the load balancer CDN DNS so let's go ahead with the next part of our architecture which will be using the load balancer and one thing with load balancer is that you will be given an IP address and I want to make sure that IP address is static not Dynamic so what I'll do is reserve an external IP before I create the load balancer so let's go ahead and do that so I'm gonna make a comment saying reserve a static external IP address and then what I'll do is create that resource so resource and the way you create an external IP is Google underscore compute underscore Global underscore address and then we'll call this website underscore IP so the name can be and this is the name that will go in gcp so website let's put lb which stands for load balancer and then IP and we are good so that gives us an IP that will be reserved for us that we'll use later in our load balancer also so the way I have set up my DNS zone I'll show you in gcp so since we are talking about IP address for our load balancer let's also go over how we will configure the domain name so what you have to do in order to configure the domain name is you have to first enable the cloud DNS service you can already see that I have a Zone name reshap Dash example and it has a DNS name gcp.reshup.cloud so you could have any domain name service provider like namecheap or Google domains or Route 53 but what you will have to do is either transfer that domain name to Cloud DNS or you can create a zone for a subdomain so let's say I want to create a zone for this project called terraform Dash gcp the DNS name that I own is reship.cloud so I'll create a sub domain here called test.reship.cloud and then for the other settings you can leave it default and click on create so what it'll give you is a list of name servers and if you click on the NS record you can see those four name servers that the cloud DNS for gcp uses and what you will have to do is go into your domain name server service provider so namecheap or Route 53 and create this record with the DNS name test Dot reship.cloud and the type being name servers which is NS and paste all these four values in there the DNS propagation can take some time and that's why I already have the example Zone setup that I'll be using in this project which points to gcp.reshup.cloud so since I already have the DNS Zone created what I want to do here is not to create it but get D managed zone so get the managed DNS Zone and how you can do that is through data so data Google DNS managed Zone and then what the name of that zone will be in this terraform file so let's name that DNS Zone pretty straightforward and now we will get that data from the gcp provider so in my case the DNS Zone was named reship Dash example so just to clarify we are not creating the Zone we are getting it from the Google cloud provider says since it already exists so now let's add that IP address that we reserved to this DNS Zone so add the IP to the DNS so that the name translation happens fine so if we go to website.gcp.reshup.cloud it translates to whatever the reserved IP points to the load balancer and let's name this website so the name that I want is website dot but then I want to use whatever the DNS Zone got us so you can use dollar sign and then curly brackets and you already see the terraform extensions that I have installed is auto populating that DNS Zone name so let's go ahead and type it out instead so data and then I can copy this manage DNS Zone record it's called VNS Zone and at last it's DNS name so there we go the new record that will be created for our reserved IP would be something like website.gcp.reshup.cloud and I could have put in anything in front here it would be xyz.gcp dot reship.cloud so I hope you understand what I'm trying to do here the type since it is an IP address will be a and not a z name and then TTL which is time to live let's go with 300 seconds which is 5 minutes the managed Zone that we will be using again we don't need to hard code it we can just use the zone that we got from gcp earlier and at the end we'll not need DNS name but just the name which is vishub Dash example so instead of hard coding this here I just am relying on terraform to figure it out itself now we have the RR details which is the string data for the records in our case since it's an A type record will be the reserved IP address for the load balancer moving along let's add the bucket as a CDN backup remember we are using a cloud load balancer which will need a back end to serve the content which is our bucket so the resource before the load balancer that we are creating is that backend so Google compute back and bucket and let's call it website Dash backend and let's also name it website backend and then for the bucket name we have the Google storage bucket dot website.name which it will pull up from here so this is the bucket name that it'll get let's also add a description to the to the back end so contains files needed for the website and this is where you also enable CDN so enable CDN is equal to true so this will enable Cloud CDN for us for our backend bucket so we created the backend bucket now let's create a URL map so this is a property in the load balancer which allows us to specify what when a user enters a specific URL path that is being served by the load balancer what it should direct the traffic to in our case it will be the back end bucket that we just created so let's go ahead and do that so resource Google underscore compute URL map and let's name it website of the name can be website Dash URL Dash map the default service that it's going to use is the backend bucket that we build here so you can get the name of that back end is by doing Google underscore compute underscore bucket dot website Dash back-end dot self underscore link and now we have to also specify the host rules so host underscore Rule and this is where you can tell like where the traffic should be pointed to depending on what host the user is asking for so let's say you hosted in this bucket you had images and videos and you wanted the load balancer to manage that the traffic based on the type of content that is being asked for so you would have something like slash images as the path for images and then slash videos for the video content and this property lets you define those rules so for a host I'm gonna go with anything needs to be in double quotes and you also need a path matcher so path matcher for all paths and then we also have to Define that path matcher so path matcher name is equal to all paths and default service is our backend website so so the back end that we created with CDN enabled we need that so it will be dot website Dash backend dot self underscore link so this is where all the paths will lead to which is what I want because we don't have any spec anything specific being hosted on a different path I just want everyone who accesses xyz.reshup.cloud to go to the index.html that is being served by this backend so there we go we have our URL map setup now let's create our load balancer so the resource that we want now is the Google Google compute Target HTTP proxy and let's name it website again and you can name the resources accordingly as you like or if there is a specific naming convention that you follow so let's go ahead and for the actual name in gcp let's call it website Target proxy and then the URL map that we created we want to use that for this target proxy so it'll be Google underscore compute underscore URL underscore map dot website yep so we named it website with entire form so website dot self underscore link so that is the URL map we want to use and now we can go ahead with creating the forwarding rule for our load balancer so let's make a comment saying gcp forwarding rule and then let's create that resource okay so we have the Google compute Global forwarding rule and let's name it default in terraform for the name in gcp let's call it website forwarding root load balancing scheme is gonna be external since we need an external load balancer that listens to internet requests IP address and this is where we will use the IP address that we blocked on the top remember we had a resource that would reserve a static external IP address for us so we'll use that here so we can refer to it in terraform by doing Google compute underscore Global underscore address dot website underscore IP dot address so this will link that reserved IP to our load balancer and then the IP protocol we have to Define is TCP so listen to that Port range so in terms of best practices you should be using Port 443 here and you'll need an additional resource in order to do that is the SSL certificate which you can get from gcp and I can show you the code bit that's required to get the SSL certificate but the SSL certificate creation process can take some time and hence for the purposes of this demo I will not be including the SSL certificate resource itself so that's why I'm using Port 80 so that we have a working website that is being served by a load balancer on our custom domain and Target as you can guess will be our proxy website that we created here so Google compute Target HTTP proxy dot website dot self link so we have all the resources that are necessary to according to the architecture diagram we had so we we have the cloud storage account that we already deployed and we saw we could access the index.html we have the load balancer now we have a backend that is being served by the load balancer which has CDN enabled and we have the DNS that we configured in our main.tf so let's save our main.tf go to our terminal here and do terraform plan we'll see that it plans on adding five resources instead of eight or nine because we already deployed the bucket and we also uploaded the index.html in the previous terraform apply so this is where the state comes in state remembers what all infrastructure has already been deployed from our terraform code and it will not redeploy that again or if we changed the index.html to something else it'll have detected that change and would have said one to change so that's the concept of terraform State file let's go ahead and do terraform apply to deploy our changes to Google Cloud It'll ask you to enter yes if you are willing to deploy these changes let's go ahead and do that and wait for these changes to be deployed okay so we have the apply complete we have added five resources now we can go to our gcp account and look for those resources so the first thing I would love to check is the load balancer so let's go to load balancer there we go so you can see it did create a website Dash URL Dash map which is a classic HTTP load balancer and has a back-end bucket let's go ahead and look at it so this was the IP address that was reserved for us the backend bucket is the example website by rishab which we wanted and the cloud CDN is enabled so basically we have deployed all of the parts of this architecture diagram now what we have to do is see if we can access our website by going to this IP slash index.html so I'm gonna paste that in the URL bar here and there we go we have our website that I wanted to be deployed to gcp being served by the load balancer the next thing to test would be the domain name so if we go back to terraform file and look at our DNS record set it's website Dot and then whatever the domain name I had in gcp which is gcp.reaship.cloud and I can show you here because we should see in Cloud DNS we should see a new record so if I open that up we have website.gcp.reshup.cloud and it is pointing to the IP address of the load balancer that we just visited so now terraform did it part where it created that DNS record and pointed it to the load balancer IP let's just test it out so website.gcp dot reship.cloud index.html and there we go we have our website being served on a custom domain with a load balancer and the cloud CDN and cloud storage as the bucket for our project so that was the project today we deployed all the resources necessary using terraform to gcp the one bit that I want to cover as we're towards the end is is the https or SSL certificate if you want to create the external load balancer that's on Port 443 which is the recommended practice so all of the code for this project is available on GitHub if you ran into some issue and I'll link the GitHub repo in the description below but this is how you can get the https certificate so you have to create a resource called Google compute managed SSL certificate and the domain name for that which you can use the previous resource we created which was website.gcp dot reship.cloud so I have gone ahead and did that but it still needs some time for the SSL so to be provisioned but you can see it is getting an SSL certificate for website.gcp.reship.cloud by which my load balancer would be able to serve traffic over Port 443 so the code will be available on GitHub but that's the way to get an SSL certificate and if you want to clean up your resources you can do that by doing terraform destroy which will delete all the resources that we just added so not only the five resources but also the bucket that we added in the beginning so you can see the total resources to be destroyed are nine so you can do that and clean up your environment this also depends on the state so that's how it knows that it needs to delete nine resources but yeah terraform destroys the command to clean up those resources so yeah the important commands for terraform are terraform init which initializes your project telephone plan which will tell you what it plans on deploying terraform apply which needs a yes argument for it to deploy the infrastructure to your cloud provider and then terraform to destroy which also need a yes argument to destroy all the infrastructure as it is happening right now so all of our nine resources have been destroyed one last thing before you all go wanted to mention is if you plan on hosting your code on GitHub make sure you have added a git ignore to the root of your project and you have added the service key to not be pushed to a public GitHub repository because it's important it's your API key that gives you access to your Google Cloud account so the template for the git ignore includes some terraform State files too and can be found on the same GitHub repository that I've shared in the description so you can copy that for your own git ignore but make sure you have added the service key to the bottom of the git ignore so that was the project we built today we learned about terraform which is an infrastructure as cold tool also great principle in the devops helps you automate all infrastructure things and we also learned how you can host a website in gcp by using load balancer cloud storage and also how to have a custom domain pointed to it I hope this project helped you understand these Concepts and I can't wait to see what you build\n"