Assignment 06: (#4)

- Created a new service account with 2 roles permissions: Logging Admin and Monitoring Metric Writer
- Attached the services account to the VM (refer the compute_instance folder)
- Created a module for Cloud DNS to translate my API Domain Address to IP Address to access the VM in GCP

compute_instance/main.tf

@@ -2,7 +2,7 @@ resource "google_compute_instance" "custom_instance" {
   name         = var.instance_name
   machine_type = var.machine_type
   zone         = var.zone
-
+  allow_stopping_for_update = true
   boot_disk {
     initialize_params {
       image = var.image
@@ -19,5 +19,10 @@ resource "google_compute_instance" "custom_instance" {
     }
   }
 
+  service_account {
+    email  = var.service_account_email
+    scopes = ["cloud-platform"]
+  }
+
   metadata_startup_script = var.startup_script
 }

compute_instance/outputs.tf

@@ -5,3 +5,8 @@ output "instance_name" {
 output "instance_self_link" {
   value = google_compute_instance.custom_instance.self_link
 }
+
+output "instance_ip" {
+  value = google_compute_instance.custom_instance.network_interface.0.access_config.0.nat_ip
+}
+

compute_instance/variables.tf

@@ -1,7 +1,7 @@
 variable "instance_name" {
   description = "Name of the compute instance"
   type        = string
-  default     = "custom-instance"
+  default     = "custom-instance-after-adding-logging"
 }
 
 variable "machine_type" {
@@ -47,3 +47,8 @@ variable "startup_script" {
   description = "Startup script to initialize the instance"
   type        = string
 }
+
+variable "service_account_email" {
+  description = "Email of the service account"
+  type        = string
+}

dns/main.tf

@@ -0,0 +1,8 @@
+resource "google_dns_record_set" "webapp_dns_records" {
+  name         = var.webapp_domain_name
+  type         = var.webapp_dnsrecord_type
+  ttl          = var.webapp_dns_ttl
+  managed_zone = var.managed_zone_webapp
+
+  rrdatas = [var.global_ip] 
+}

dns/variables.tf

@@ -0,0 +1,24 @@
+variable "webapp_domain_name" {
+  description = "The domain name for the web application"
+  type        = string
+}
+
+variable "webapp_dnsrecord_type" {
+  description = "The type of DNS record"
+  type        = string
+}
+
+variable "webapp_dns_ttl" {
+  description = "The TTL for the DNS record"
+  type        = number
+}
+
+variable "managed_zone_webapp" {
+  description = "The managed zone for the web application"
+  type        = string
+}
+
+variable "global_ip" {
+  description = "The global IP address for the web application"
+  type        = string
+}

iam/main.tf

@@ -0,0 +1,17 @@
+resource "google_project_iam_binding" "logging_admin" {
+  project = var.project_id
+  role    = "roles/logging.admin"
+
+  members = [
+    "serviceAccount:${var.service_account_email}"
+  ]
+}
+
+resource "google_project_iam_binding" "monitoring_metric_writer" {
+  project = var.project_id
+  role    = "roles/monitoring.metricWriter"
+
+  members = [
+    "serviceAccount:${var.service_account_email}"
+  ]
+}

iam/variables.tf

@@ -0,0 +1,9 @@
+variable "project_id" {
+  description = "The project ID to bind roles"
+  type        = string
+}
+
+variable "service_account_email" {
+  description = "The email of the service account"
+  type        = string
+}

main.tf

@@ -50,10 +50,33 @@ module "compute_instance" {
   subnet   = module.vpc.webapp_subnet_self_link
   image    = var.custom_image
   zone     = var.zone
+  service_account_email = module.service_account.email
   startup_script    = templatefile("${path.module}/startup_script.tpl", {
     DB_USER = module.cloudsql.sql_user_name
     DB_PASS = module.cloudsql.sql_user_password
     DB_NAME = module.cloudsql.sql_database_name
     DB_HOST = module.cloudsql.sql_instance_name
   })
+}
+
+module "dns" {
+  source                  = "./dns"
+  webapp_domain_name      = "kashyabcloudapp.me."
+  webapp_dnsrecord_type   = "A"
+  webapp_dns_ttl          = 300
+  managed_zone_webapp     = "my-new-zone"  # The name of your existing managed zone
+  global_ip               = module.vpc.private_service_connect_ip
+}
+
+module "service_account" {
+  source       = "./service_account"
+  account_id   = "vm-service-account"
+  display_name = "VM Service Account"
+  project_id   = var.project_id
+}
+
+module "iam" {
+  source                = "./iam"
+  project_id            = var.project_id
+  service_account_email = module.service_account.email
 }

service_account/main.tf

@@ -0,0 +1,5 @@
+resource "google_service_account" "vm_service_account" {
+  account_id   = var.account_id
+  display_name = var.display_name
+  project      = var.project_id
+}

service_account/outputs.tf

@@ -0,0 +1,3 @@
+output "email" {
+  value = google_service_account.vm_service_account.email
+}

service_account/variables.tf

@@ -0,0 +1,14 @@
+variable "account_id" {
+  description = "The account ID of the service account"
+  type        = string
+}
+
+variable "display_name" {
+  description = "The display name of the service account"
+  type        = string
+}
+
+variable "project_id" {
+  description = "The project ID where the service account will be created"
+  type        = string
+}

vpc/outputs.tf

@@ -28,4 +28,8 @@ output "db_subnet_id" {
 
 output "private_vpc_connection_name" {
   value = google_service_networking_connection.private_service_connect.id
-}
+}
+
+output "private_service_connect_ip" {
+  value = google_compute_global_address.private_service_connect_ip.address
+}