Configure a firewall and a startup script with Deployment Manager

install-web.sh

#!/bin/bash
apt-get update

ql.jinja

resources:
- type: compute.v1.instance
  name: vm-test
  properties:
    zone: {{ properties["zone"] }}
    machineType: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/zones/{{ properties["zone"] }}/machineTypes/f1-micro
    # For examples on how to use startup scripts on an instance, see:
    #   https://cloud.google.com/compute/docs/startupscript
    tags:
      items: ["http","http-server"]
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        diskName: disk-{{ env["deployment"] }}
        sourceImage: https://www.googleapis.com/compute/v1/projects/debian-cloud/global/images/family/debian-9
    networkInterfaces:
    - network: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/global/networks/default
      # Access Config required to give the instance a public IP address
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
    metadata:
      items:
      - key: startup-script
        value: |
          {{ imports["install-web.sh"]|indent(10) }}
- type: compute.v1.firewall
  name: fw-test
  properties:
    targetTags: ["http"]
    network: https://www.googleapis.com/compute/v1/projects/{{ env["project"] }}/global/networks/default
    sourceRanges: ["0.0.0.0/0"]
    allowed:
    - IPProtocol: TCP
      ports: ["80"]

ql.yaml

imports:
- path: ql.jinja
- path: install-web.sh
  name: install-web.sh

resources:
- name: qwiklabs
  type: ql.jinja
  properties:
    zone: us-central1-a