Setup Terraform with Google Provider

Photo by Jacob Miller on Unsplash

This is article focused on routine steps how to start working with terraform and google cloud provider. For new clients/projects, we do the same steps again and again. I will try to cover the whole process from scratch and record in this article all my steps.

  • Create a google/gmail account.
  • Register organisation or personal account in It requires credit card information. Don’t worry, you will have $300 as credit for 12 months.
  • Google cloud console authorization
  • Set default application login solution
  • Init a terraform project
  • Create a google cloud project

Google cloud console authorization

Photo by Bernard Hermant on Unsplash

Steps to authorize google account are based on official documentation Install Google Cloud SDK and authorize:

$ brew install caskroom/cask/google-cloud-sdk
$ gcloud init # Will open browser and authorize your account

After this procedure, you should see the page with “You are now authenticated with the Google Cloud SDK!”.

In the terminal you should pick the first default project on prompt:

You are logged in as: [].
Pick cloud project to use:
[1] super-man-198503
[2] Create a new project
Please enter numeric choice or text value (must exactly match list
item): 1

To use terraform we can generate a separate service account or create a default application login

Default application login solution


$ gcloud auth application-default login
Credentials saved to file: [/Users/dev/.config/gcloud/application_default_credentials.json]

This method would not require you to specify the credentials json path file in the terraform. All permissions would rely on a user who will use the terraform.

Another solution is to generate a separate service account:

Init terraform project

First, we need to test authorization to the Google API and configure Google provider for terraform: In my case, I used an organization account.

Create a file

data "google_organization" "goldminer" {
domain = ""
output "org_id" {
value = "${}"

Then we initialise terraform project and check that it works:

$ terraform init
Initializing provider plugins...
- Checking for available provider plugins on
- Downloading plugin for provider "google" (1.6.0)...
* version = "~> 1.6"
Terraform has been successfully initialized!
$ terraform apply -auto-approve
data.google_organization.goldminer: Refreshing state...
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
org_id = 123456789012

If you have a problem, try to generate a service account first your self with, download the credentials json file and specify a google provider eg:

provider "google" {
credentials = "${file("${path.module}/account.json")}"
project = "super-man-198503"
region = "us-central1-a"

Create a Google cloud project

Photo by Daniel Kainz on Unsplash

We register our account to use Google cloud resources. By default, you will have a generated project “My First Project” with some random id, for example super-man-198503. There are no problems with default one, but I recommend to create projects with meaningful names.

Check the terraform google_project resource documentation Base on it, let’s create a project resource:

resource "google_project" "kubernetes" {
name = "kubernetes"
project_id = "kubernetes-${data.google_organization.goldminer.directory_customer_id}"
org_id = "${}"
output "project_id" {
value = "${}"

Check that we are going to create a correct resource with plan and confirm it after:

$ terraform apply
Terraform will perform the following actions:
+ google_project.kubernetes
id: <computed>
folder_id: <computed>
name: "kubernetes"
number: <computed>
org_id: "123456789012"
policy_data: <computed>
policy_etag: <computed>
project_id: "kubernetes-a01bvf123"
skip_delete: <computed>
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
org_id = 123456789012
project_id = kubernetes-a01bvf123

For me, in web console of Google Cloud, this project did not appear at the same moment, so I tested with a command: gcloud projects list.