Terraform to create GCP Confidential Space VM
/*
Create GCP Confidential Space VM using Terraform
export PROJECT_ID=`gcloud config get-value core/project`
export PROJECT_NUMBER=`gcloud projects describe $PROJECT_ID --format='value(projectNumber)'`
gcloud compute instances create vm1 --project=vegas-codelab-5 --confidential-compute \
--shielded-secure-boot --tags=tee-vm --maintenance-policy=TERMINATE --service-account="[email protected]" --scopes=cloud-platform --zone=us-central1-a --image-project=confidential-space-images --image-family=confidential-space-debug \
--metadata ^~^tee-image-reference=gcr.io/cloud-marketplace/google/nginx1:latest~tee-restart-policy=Never~tee-container-log-redirect=true
gcloud compute firewall-rules create allow-tee-requests --allow tcp:80 --target-tags tee-vm --project=vegas-codelab-5
curl -v http://<external_ip>   # <external_ip>: the VM's public address (the tee_external_ip output below)
*/
# Project that every resource below is created in. Replace the placeholder, or
# leave it to the provider's environment configuration rather than committing a
# real project id to a shared snippet.
provider "google" {
  project = "your-project-id"
}
# Resolves the provider's project so its numeric id (`number`) can be spliced
# into the service-account email used by the instance below.
data "google_project" "project" {
}
# Confidential Space workload VM: an AMD SEV confidential VM booted from the
# Confidential Space image, which launches the container named in the tee-*
# metadata keys. Mirrors the `gcloud compute instances create` command in the
# file header.
resource "google_compute_instance" "tee" {
  name = "vm1"
  zone = "us-central1-a"
  # N2D (AMD SEV) is required for enable_confidential_compute below.
  machine_type = "n2d-standard-2"
  # Matched by google_compute_firewall.tee_firewall.target_tags.
  tags = ["tee-vm"]

  # Launcher configuration consumed by the Confidential Space image.
  metadata = {
    # NOTE(review): a floating tag means the image measured into the
    # attestation can change from boot to boot; pinning by digest
    # (image@sha256:<digest>) lets relying parties verify a fixed workload.
    tee-image-reference        = "gcr.io/cloud-marketplace/google/nginx1:latest"
    tee-restart-policy         = "Never"
    tee-container-log-redirect = true
  }

  boot_disk {
    initialize_params {
      # The *-debug family is meant for development (interactive access is
      # possible and attestations from it are distinguishable from production
      # ones); the production family is "confidential-space".
      image = "confidential-space-images/confidential-space-debug"
    }
  }

  # Confidential VMs cannot be live-migrated, so host maintenance terminates.
  scheduling {
    on_host_maintenance = "TERMINATE"
  }

  confidential_instance_config {
    enable_confidential_compute = true
  }

  shielded_instance_config {
    enable_secure_boot = true
  }

  network_interface {
    network = "default"
    # An empty access_config requests an ephemeral external IP; it is exposed
    # through the tee_external_ip output and reached via the firewall rule.
    access_config {
    }
  }

  # Presumably the project's default Compute Engine service account (the
  # address is masked on the page). With the cloud-platform scope the workload
  # can exercise every IAM permission that account holds, so a dedicated
  # least-privilege account is preferable outside a demo.
  service_account {
    email  = "${data.google_project.project.number}[email protected]"
    scopes = ["cloud-platform"]
  }
}
# Admits plain HTTP to the workload VM. source_ranges is the whole Internet,
# matching the header's gcloud command (which passes no --source-ranges);
# narrow it to the client CIDRs that actually need access once past the demo.
resource "google_compute_firewall" "tee_firewall" {
  name      = "allow-tee-requests"
  network   = "default"
  direction = "INGRESS"

  # Selects google_compute_instance.tee through its network tag.
  target_tags   = ["tee-vm"]
  source_ranges = ["0.0.0.0/0"]

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }
}
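# Public address of the workload VM (the <external_ip> in the header's curl
# command). Uses index syntax instead of the legacy `.0.` attribute form.
output "tee_external_ip" {
  description = "Ephemeral external IP of google_compute_instance.tee"
  value       = google_compute_instance.tee.network_interface[0].access_config[0].nat_ip
}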