[Terraform] GCP Authentication

LizzyLee · October 17, 2024

Authenticating Terraform with Google Cloud

1. Pre-Authenticated Terraform on Cloud Shell

  • Cloud Shell is a Compute Engine VM, so it's automatically authenticated.
  • No need to set up a service account key when using Cloud Shell.

2. Workstation Authentication

  • Install the gcloud CLI.
  • Run the following command to authenticate:
    gcloud auth application-default login

3. Google Cloud VM Authentication

  • Configure your Google Cloud VM to use a Google Service Account for Terraform authentication.
  • Ensure the VM has the Google Cloud API enabled.

4. Authentication Outside Google Cloud

  • Use a Google Cloud Service Account with Terraform:
    - Go to the service account key page in Cloud Console.
    - Select or create a service account.
    - Download the JSON key file and store it securely.
  • Set the environment variable for Terraform to use the key:
    export GOOGLE_APPLICATION_CREDENTIALS="/path/to/your-key.json"

5. Limitations and Alternatives

  • Service account keys are short-lived and need protection.
  • Workload identity and workload identity federation are recommended for mitigating token limitations when running Terraform outside Google Cloud.
