Create a Google Cloud Project from scratch with Terraform (contains a workaround for a Google Cloud Platform API issue)

main.tf

# ========================================================
# Create Google Cloud Projects from scratch with Terraform
# ========================================================
#
# This script is a workaround to fix an issue with the
# Google Cloud Platform API that prevents to fully
# automate the deployment of a project _from scratch_
# with Terraform, as described here:
# https://stackoverflow.com/questions/68308103/gcp-project-creation-via-api-doesnt-enable-service-usage-api
# It uses the `gcloud` CLI:
# https://cloud.google.com/sdk/gcloud
# in the pipeline. The `gcloud` CLI therefore needs to be
# installed and provided with sufficient credentials to
# consume the API.
# Full article:
# https://medium.com/rockedscience/how-to-fully-automate-the-deployment-of-google-cloud-platform-projects-with-terraform-16c33f1fb31f

# Set variables to reuse them across the resources
# and enforce consistency.
variable project_id {
  type        = string
  default     = "my-test-project" # Change this
}

variable region {
  type        = string
  default     = "europe-west1" # Change this
}

variable zone {
  type        = string
  default     = "europe-west1-b" # Change this
}

variable services {
  type        = list
  default     = [
    # List all the services you use here
    "bigquery.googleapis.com"
  ]
}

# Set the Terraform provider
provider "google" {
  project               = var.project_id
  region                = var.region
  zone                  = var.zone

  # Ref: https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override
  user_project_override = true
}

# Create the project
resource "google_project" "project" {
  name       = var.project_id
  project_id = var.project_id
}

# Use `gcloud` to enable:
# - serviceusage.googleapis.com
# - cloudresourcemanager.googleapis.com
resource "null_resource" "enable_service_usage_api" {
  provisioner "local-exec" {
    command = "gcloud services enable serviceusage.googleapis.com cloudresourcemanager.googleapis.com --project ${var.project_id}"
  }

  depends_on = [google_project.project]
}

# Wait for the new configuration to propagate
# (might be redundant)
resource "time_sleep" "wait_project_init" {
  create_duration = "60s"

  depends_on = [null_resource.enable_service_usage_api]
}

# Enable other services used in the project
resource "google_project_service" "services" {
  for_each = toset(var.services)

  project                    = var.project_id
  service                    = each.key
  disable_dependent_services = false
  disable_on_destroy         = false

  depends_on = [time_sleep.wait_project_init]
}

# Add a resource (just a demo, change as needed)
resource "google_bigquery_dataset" "my_test_dataset" {
  dataset_id                  = "my_test_dataset"
  location                    = var.region

  # Note the dependency, add this to every resource
  # you create with Terraform
  depends_on = [google_project_service.services]
}

Please read the comments carefully.

This fixes the following errors:

• Error: Error when reading or editing Project Service : Request List Project Services {REDACTED} returned error: Failed to list enabled services for project {REDACTED}: googleapi: Error 403: Service Usage API has not been used in project {REDACTED} before or it is disabled. serviceusage.googleapis.com
• Error: Error when reading or editing Project Service {REDACTED}: googleapi: Error 403: Cloud Resource Manager API has not been used in project {REDACTED} before or it is disabled. cloudresourcemanager.googleapis.com

Thank you for sharing this. Do you allow it to be used under a licence, e.g. MIT?

Thank you for sharing this. Do you allow it to be used under a licence, e.g. MIT?

Hi @nacnudus
yes, definitely MIT. I should have specified it in the comments, I will fix it. In the meanwhile, feel free to use it!

Thank you very much!