```mermaid
flowchart TD
%% Nodes
google_compute_firewall_allow_http_ssh["google_compute_firewall.allow_http_ssh"]
google_compute_global_address_private_ip_address["google_compute_global_address.private_ip_address"]
google_compute_instance_gallery_app["google_compute_instance.gallery_app"]
google_compute_network_vpc_network["google_compute_network.vpc_network"]
google_compute_subnetwork_default["google_compute_subnetwork.default"]
google_project_iam_member_cloudsql_client["google_project_iam_member.cloudsql_client"]
google_service_account_gallery_app["google_service_account.gallery_app"]
google_service_networking_connection_private_vpc_connection["google_service_networking_connection.private_vpc_connection"]
google_sql_database_gallery_db["google_sql_database.gallery_db"]
google_sql_database_instance_gallery_sql_db["google_sql_database_instance.gallery_sql_db"]
google_sql_user_gallery_user["google_sql_user.gallery_user"]
google_storage_bucket_flask_gallery_bucket["google_storage_bucket.flask_gallery_bucket"]
google_storage_bucket_iam_member_public["google_storage_bucket_iam_member.public"]
%% Edges
google_compute_firewall_allow_http_ssh --> google_compute_network_vpc_network
google_compute_global_address_private_ip_address --> google_compute_network_vpc_network
google_compute_instance_gallery_app --> google_compute_subnetwork_default
google_compute_instance_gallery_app --> google_service_account_gallery_app
google_compute_instance_gallery_app --> google_storage_bucket_flask_gallery_bucket
google_compute_subnetwork_default --> google_compute_network_vpc_network
google_project_iam_member_cloudsql_client --> google_service_account_gallery_app
google_project_iam_member_storage_admin --> google_service_account_gallery_app
google_service_networking_connection_private_vpc_connection --> google_compute_global_address_private_ip_address
google_sql_database_gallery_db --> google_sql_database_instance_gallery_sql_db
google_sql_database_instance_gallery_sql_db --> google_service_networking_connection_private_vpc_connection
google_sql_user_gallery_user --> google_sql_database_instance_gallery_sql_db
google_storage_bucket_iam_member_public --> google_storage_bucket_flask_gallery_bucket
```
This directory contains Terraform configurations to deploy the Gallery application infrastructure on Google Cloud Platform (GCP).
The infrastructure consists of the following components:
- Networking
  - Custom VPC network (10.0.0.0/16)
  - Subnet in us-central1 region
  - Firewall rules for HTTP/HTTPS traffic
- Compute
  - Compute Engine VM (e2-standard-2)
  - Debian 11 image
  - Service account with least-privilege access
- Database
  - Cloud SQL MySQL instance (2nd gen)
  - Private IP access
  - Automated backups enabled
- Storage
  - Cloud Storage bucket for image storage
  - Uniform bucket-level access enabled
- Application
  - Flask application deployed as systemd service
  - Automatic restart on failure
Prerequisites:

- Install Terraform (version >= 1.0.0)
- Install Google Cloud SDK
- Create a GCP project
- Enable required APIs:
  - Compute Engine API
  - Cloud SQL Admin API
  - Cloud Storage API
  - Cloud Resource Manager API
To deploy:

1. Create a GCS bucket for Terraform state:

   ```bash
   gsutil mb gs://gallery-app-terraform-state
   ```

2. Create a terraform.tfvars file with your configuration:

   ```hcl
   project_id  = "your-project-id"
   db_username = "your-db-username"
   db_password = "your-db-password"
   ```

3. Initialize Terraform:

   ```bash
   terraform init
   ```

4. Review the planned changes:

   ```bash
   terraform plan
   ```

5. Apply the configuration:

   ```bash
   terraform apply
   ```
After successful deployment, the application will be available at:
- Main application: http://:80
To destroy all resources:

```bash
terraform destroy
```
Security considerations:

- The database is only accessible through private IP
- The service account has only the permissions it requires
- Sensitive variables are marked as sensitive in Terraform
- Firewall rules are restricted to the necessary ports
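The four points above can be verified against the output of `terraform show -json tfplan` before `terraform apply`. The script below is an added example, not part of this repository: the plan fragment is constructed (it does not come from the project's .tf files, and its values are chosen so that every check fires at least once), and the attribute names assume the google provider's schema for these resource types.

```python
"""Policy checks over `terraform show -json tfplan` output for the Gallery stack."""
import json

# Constructed plan fragment (not real output from this repository): one resource
# of each kind the checks inspect. Attribute names follow the google provider
# schema for these resource types; values are chosen to exercise every check.
PLAN_JSON = json.dumps({"planned_values": {"root_module": {"resources": [
    {"address": "google_compute_firewall.allow_http_ssh",
     "type": "google_compute_firewall",
     "values": {"source_ranges": ["0.0.0.0/0"],
                "allow": [{"protocol": "tcp", "ports": ["80", "443", "22"]}]}},
    {"address": "google_sql_database_instance.gallery_sql_db",
     "type": "google_sql_database_instance",
     "values": {"settings": [{"ip_configuration": [{"ipv4_enabled": False}]}]}},
    {"address": "google_storage_bucket_iam_member.public",
     "type": "google_storage_bucket_iam_member",
     "values": {"role": "roles/storage.objectViewer", "member": "allUsers"}},
    {"address": "google_project_iam_member.storage_admin",
     "type": "google_project_iam_member",
     "values": {"role": "roles/storage.admin",
                "member": "serviceAccount:gallery-app@PROJECT_ID.iam.gserviceaccount.com"}},
]}}})

# Project-wide roles that contradict a least-privilege service account.
ADMIN_ROLES = {"roles/storage.admin", "roles/editor", "roles/owner"}


def check_plan(plan_json: str) -> list:
    """Return one finding per resource whose planned values violate the claims."""
    findings = []
    plan = json.loads(plan_json)
    for r in plan["planned_values"]["root_module"]["resources"]:
        t, v, addr = r["type"], r.get("values") or {}, r["address"]
        if t == "google_compute_firewall":
            # An allow block without "ports" opens every port of the protocol.
            ports = set()
            for a in v.get("allow") or []:
                ports |= set(a.get("ports") or ["all"])
            if "0.0.0.0/0" in (v.get("source_ranges") or []) and ports & {"22", "all"}:
                findings.append(f"{addr}: tcp/22 reachable from 0.0.0.0/0")
        elif t == "google_sql_database_instance":
            ipcfg = ((v.get("settings") or [{}])[0].get("ip_configuration") or [{}])[0]
            if ipcfg.get("ipv4_enabled"):
                findings.append(f"{addr}: public IPv4 address enabled")
        elif t == "google_storage_bucket_iam_member":
            if v.get("member") in ("allUsers", "allAuthenticatedUsers"):
                findings.append(f"{addr}: bucket granted to {v['member']}")
        elif t == "google_project_iam_member" and v.get("role") in ADMIN_ROLES:
            findings.append(f"{addr}: project-level {v['role']} binding")
    return findings
```

Port ranges such as `"22-80"` are not expanded by this check; extend the port parsing if the firewall rules use them.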
Estimated monthly costs:
- Compute Engine (e2-standard-2): ~$50/month
- Cloud SQL (db-n1-standard-1): ~$100/month
- Cloud Storage: Pay per use
- Network: Pay per use
Total estimated cost: $150-200/month (varies based on usage)