terraform-provider-google/website/docs/index.html.markdown

---
layout: "google"
page_title: "Provider: Google Cloud"
sidebar_current: "docs-google-index"
description: |-
  The Google Cloud provider is used to interact with Google Cloud services. The provider needs to be configured with the proper credentials before it can be used.
---

# Google Cloud Provider

The Google Cloud provider is used to interact with
[Google Cloud services](https://cloud.google.com/). The provider needs
to be configured with the proper credentials before it can be used.

Use the navigation to the left to read about the available resources.

## Example Usage

```hcl
// Configure the Google Cloud provider
provider "google" {
  credentials = "${file("account.json")}"
  project     = "my-gce-project-id"
  region      = "us-central1"
}

// Create a new instance
resource "google_compute_instance" "default" {
  # ...
}
```

## Configuration Reference

The following keys can be used to configure the provider.

* `credentials` - (Optional) Contents of a file that contains your service
  account private key in JSON format. You can download your existing
  [Google Cloud service account file]
  from the Google Cloud Console, or you can create a new one from the same page.

  Credentials can also be specified using any of the following environment
  variables (listed in order of precedence):

    * `GOOGLE_CREDENTIALS`
    * `GOOGLE_CLOUD_KEYFILE_JSON`
    * `GCLOUD_KEYFILE_JSON`

  The [`GOOGLE_APPLICATION_CREDENTIALS`][adc]
  environment variable can also contain the path of a file to obtain credentials
  from.

  If no credentials are specified, the provider will fall back to using the
  [Google Application Default Credentials][adc].
  If you are running Terraform from a GCE instance, see [Creating and Enabling
  Service Accounts for Instances][gce-service-account] for details.

  On your computer, if you have made your identity available as the
  Application Default Credentials by running [`gcloud auth application-default
  login`][gcloud adc], the provider will use your identity.

  ~> **Warning:** The gcloud method is not guaranteed to work for all APIs, and
  [service accounts] or [GCE metadata] should be used if possible.

* `project` - (Optional) The ID of the project to apply any resources to.  This
  can also be specified using any of the following environment variables (listed
  in order of precedence):

    * `GOOGLE_PROJECT`
    * `GOOGLE_CLOUD_PROJECT`
    * `GCLOUD_PROJECT`
    * `CLOUDSDK_CORE_PROJECT`

* `region` - (Optional) The region to operate under, if not specified by a given resource.
  This can also be specified using any of the following environment variables (listed in order of
  precedence):

    * `GOOGLE_REGION`
    * `GCLOUD_REGION`
    * `CLOUDSDK_COMPUTE_REGION`

* `zone` - (Optional) The zone to operate under, if not specified by a given resource.
  This can also be specified using any of the following environment variables (listed in order of
  precedence):

    * `GOOGLE_ZONE`
    * `GCLOUD_ZONE`
    * `CLOUDSDK_COMPUTE_ZONE`


## Beta Features

Some Google Provider resources contain Beta features; Beta GCP Features have no
deprecation policy, and no SLA, but are otherwise considered to be feature-complete
with only minor outstanding issues after their Alpha period. Beta is when a GCP feature
is publicly announced, and is when they generally become publicly available. For
more information see [the official documentation](https://cloud.google.com/terms/launch-stages).

Terraform resources that support beta features will always use the Beta APIs to provision
the resource. Importing a resource that supports beta features will always import those
features, even if the resource was created in a matter that was not explicitly beta.

[Google Cloud service account file]: https://console.cloud.google.com/apis/credentials/serviceaccountkey
[adc]: https://cloud.google.com/docs/authentication/production
[gce-service-account]: https://cloud.google.com/compute/docs/authentication
[gcloud adc]: https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login
[service accounts]: https://cloud.google.com/docs/authentication/getting-started
[GCE metadata]: https://cloud.google.com/docs/authentication/production#obtaining_credentials_on_compute_engine_kubernetes_engine_app_engine_flexible_environment_and_cloud_functions
website: document gce 2014-08-26 21:50:29 +00:00			`---`
			`layout: "google"`
			`page_title: "Provider: Google Cloud"`
			`sidebar_current: "docs-google-index"`
Add meta descriptions to all pages 2014-10-22 03:21:56 +00:00			`description: \|-`
			`The Google Cloud provider is used to interact with Google Cloud services. The provider needs to be configured with the proper credentials before it can be used.`
website: document gce 2014-08-26 21:50:29 +00:00			`---`

			`# Google Cloud Provider`

			`The Google Cloud provider is used to interact with`
			`[Google Cloud services](https://cloud.google.com/). The provider needs`
			`to be configured with the proper credentials before it can be used.`

			`Use the navigation to the left to read about the available resources.`

			`## Example Usage`

Massively add HCL source tag in docs Markdown files Signed-off-by: Max Riveiro <kavu13@gmail.com> 2017-04-17 10:17:54 +00:00			```hcl
Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00			`// Configure the Google Cloud provider`
website: document gce 2014-08-26 21:50:29 +00:00			`provider "google" {`
provider/google: read credentials as contents instead of path Building on the work in #3846, shifting the Google provider's configuration option from `account_file` to `credentials`. 2015-11-12 22:13:07 +00:00			`credentials = "${file("account.json")}"`
make it clear that the attribute represents the project id (#672) 2018-03-12 20:59:47 +00:00			`project = "my-gce-project-id"`
provider/google: read credentials as contents instead of path Building on the work in #3846, shifting the Google provider's configuration option from `account_file` to `credentials`. 2015-11-12 22:13:07 +00:00			`region = "us-central1"`
website: document gce 2014-08-26 21:50:29 +00:00			`}`

Update documentation to include new "project" attribute This commit also normalizes the format we display attributes. 2016-04-10 21:34:15 +00:00			`// Create a new instance`
website: document gce 2014-08-26 21:50:29 +00:00			`resource "google_compute_instance" "default" {`
Replace // with # 2017-04-06 18:06:48 +00:00			`# ...`
website: document gce 2014-08-26 21:50:29 +00:00			`}`
			```

			`## Configuration Reference`

			`The following keys can be used to configure the provider.`

Clarify documentation around JSON credentials file (#1554) 2018-05-29 17:57:09 +00:00			* `credentials` - (Optional) Contents of a file that contains your service
update auth docs (#1587) * Added a link to the console page where you can download a file * Removed instructions on how to get to that page, since now you can just click on the link * Added caveat for application default credentials @sethvargo @theacodes @kimcam let me know if this seems reasonable / you have any suggestions! 2018-06-06 17:53:29 +00:00			`account private key in JSON format. You can download your existing`
			`[Google Cloud service account file]`
			`from the Google Cloud Console, or you can create a new one from the same page.`
Document that the Terraform Google Provider will fall back to using the Application Default Credentials. In particular, it will use the user's identify if the user has made his credentials available by running gcloud auth application-default login. 2017-07-28 13:39:11 +00:00
			`Credentials can also be specified using any of the following environment`
			`variables (listed in order of precedence):`
Read more default envvars for GCP - Closes #5874 - Fixes #5872 2016-04-10 23:31:40 +00:00
			* `GOOGLE_CREDENTIALS`
			* `GOOGLE_CLOUD_KEYFILE_JSON`
			* `GCLOUD_KEYFILE_JSON`

update auth docs (#1587) * Added a link to the console page where you can download a file * Removed instructions on how to get to that page, since now you can just click on the link * Added caveat for application default credentials @sethvargo @theacodes @kimcam let me know if this seems reasonable / you have any suggestions! 2018-06-06 17:53:29 +00:00			The [`GOOGLE_APPLICATION_CREDENTIALS`][adc]
Fix the info about the default credentials in the provider page (#689) 2017-11-06 18:53:52 +00:00			`environment variable can also contain the path of a file to obtain credentials`
			`from.`
Document GOOGLE_APPLICATION_CREDENTIALS support. We've supported GOOGLE_APPLICATION_CREDENTIALS as an environment variable (it comes free with our OAuth2 client) but it has never been documented. Documenting it now to resolve #12626. 2017-04-28 23:16:38 +00:00
Document that the Terraform Google Provider will fall back to using the Application Default Credentials. In particular, it will use the user's identify if the user has made his credentials available by running gcloud auth application-default login. 2017-07-28 13:39:11 +00:00			`If no credentials are specified, the provider will fall back to using the`
update auth docs (#1587) * Added a link to the console page where you can download a file * Removed instructions on how to get to that page, since now you can just click on the link * Added caveat for application default credentials @sethvargo @theacodes @kimcam let me know if this seems reasonable / you have any suggestions! 2018-06-06 17:53:29 +00:00			`[Google Application Default Credentials][adc].`
Document that the Terraform Google Provider will fall back to using the Application Default Credentials. In particular, it will use the user's identify if the user has made his credentials available by running gcloud auth application-default login. 2017-07-28 13:39:11 +00:00			`If you are running Terraform from a GCE instance, see [Creating and Enabling`
update auth docs (#1587) * Added a link to the console page where you can download a file * Removed instructions on how to get to that page, since now you can just click on the link * Added caveat for application default credentials @sethvargo @theacodes @kimcam let me know if this seems reasonable / you have any suggestions! 2018-06-06 17:53:29 +00:00			`Service Accounts for Instances][gce-service-account] for details.`

			`On your computer, if you have made your identity available as the`
Document that the Terraform Google Provider will fall back to using the Application Default Credentials. In particular, it will use the user's identify if the user has made his credentials available by running gcloud auth application-default login. 2017-07-28 13:39:11 +00:00			Application Default Credentials by running [`gcloud auth application-default
update auth docs (#1587) * Added a link to the console page where you can download a file * Removed instructions on how to get to that page, since now you can just click on the link * Added caveat for application default credentials @sethvargo @theacodes @kimcam let me know if this seems reasonable / you have any suggestions! 2018-06-06 17:53:29 +00:00			login`][gcloud adc], the provider will use your identity.

			`~> Warning: The gcloud method is not guaranteed to work for all APIs, and`
			`[service accounts] or [GCE metadata] should be used if possible.`
Document that the Terraform Google Provider will fall back to using the Application Default Credentials. In particular, it will use the user's identify if the user has made his credentials available by running gcloud auth application-default login. 2017-07-28 13:39:11 +00:00
Update project to be optional, add info about zone (#915) 2018-01-03 21:33:58 +00:00			* `project` - (Optional) The ID of the project to apply any resources to. This
For the sake of consistency, use the same phrasing ('This can also be (#273) specified...') for the project, credentials, and region attributes. 2017-08-01 19:37:32 +00:00			`can also be specified using any of the following environment variables (listed`
			`in order of precedence):`
Read more default envvars for GCP - Closes #5874 - Fixes #5872 2016-04-10 23:31:40 +00:00
			* `GOOGLE_PROJECT`
Read GOOGLE_CLOUD_PROJECT environment variable also (#1271) 2018-03-29 18:43:45 +00:00			* `GOOGLE_CLOUD_PROJECT`
Read more default envvars for GCP - Closes #5874 - Fixes #5872 2016-04-10 23:31:40 +00:00			* `GCLOUD_PROJECT`
			* `CLOUDSDK_CORE_PROJECT`
website: document gce 2014-08-26 21:50:29 +00:00
make provider-wide region optional (#916) 2018-01-03 22:09:46 +00:00			* `region` - (Optional) The region to operate under, if not specified by a given resource.
Update project to be optional, add info about zone (#915) 2018-01-03 21:33:58 +00:00			`This can also be specified using any of the following environment variables (listed in order of`
Read more default envvars for GCP - Closes #5874 - Fixes #5872 2016-04-10 23:31:40 +00:00			`precedence):`
website: document gce 2014-08-26 21:50:29 +00:00
Read more default envvars for GCP - Closes #5874 - Fixes #5872 2016-04-10 23:31:40 +00:00			* `GOOGLE_REGION`
			* `GCLOUD_REGION`
			* `CLOUDSDK_COMPUTE_REGION`
Read GOOGLE_CLOUD_PROJECT environment variable also (#1271) 2018-03-29 18:43:45 +00:00
Update project to be optional, add info about zone (#915) 2018-01-03 21:33:58 +00:00			* `zone` - (Optional) The zone to operate under, if not specified by a given resource.
			`This can also be specified using any of the following environment variables (listed in order of`
			`precedence):`
Read GOOGLE_CLOUD_PROJECT environment variable also (#1271) 2018-03-29 18:43:45 +00:00
Update project to be optional, add info about zone (#915) 2018-01-03 21:33:58 +00:00			* `GOOGLE_ZONE`
			* `GCLOUD_ZONE`
			* `CLOUDSDK_COMPUTE_ZONE`
Make GCP provider "project" attribute optional 2016-04-08 15:01:53 +00:00
Document Beta Features in index.html (#280) * First pass of Beta docs. * Updated new docs to link as well. * Updated new Beta resources with Beta link. 2017-08-10 20:28:52 +00:00
			`## Beta Features`

			`Some Google Provider resources contain Beta features; Beta GCP Features have no`
			`deprecation policy, and no SLA, but are otherwise considered to be feature-complete`
			`with only minor outstanding issues after their Alpha period. Beta is when a GCP feature`
Add a link to the official documentation of launch stages. (#1654) 2018-06-14 16:52:26 +00:00			`is publicly announced, and is when they generally become publicly available. For`
			`more information see [the official documentation](https://cloud.google.com/terms/launch-stages).`
Document Beta Features in index.html (#280) * First pass of Beta docs. * Updated new docs to link as well. * Updated new Beta resources with Beta link. 2017-08-10 20:28:52 +00:00
Roll forward beta scaffolding PR (#1453) * Revert "Merge pull request #1434 from terraform-providers/paddy_revert_beta" This reverts commit 118cd71201a55c0115fac19eba8823da3482d03c, reversing changes made to d59fcbbc59114368db43530045ee22a9d470831a. * add ConvertSelfLinkToV1 calls to places where beta links are stored 2018-05-09 18:24:40 +00:00			`Terraform resources that support beta features will always use the Beta APIs to provision`
			`the resource. Importing a resource that supports beta features will always import those`
			`features, even if the resource was created in a matter that was not explicitly beta.`
update auth docs (#1587) * Added a link to the console page where you can download a file * Removed instructions on how to get to that page, since now you can just click on the link * Added caveat for application default credentials @sethvargo @theacodes @kimcam let me know if this seems reasonable / you have any suggestions! 2018-06-06 17:53:29 +00:00
			`[Google Cloud service account file]: https://console.cloud.google.com/apis/credentials/serviceaccountkey`
			`[adc]: https://cloud.google.com/docs/authentication/production`
			`[gce-service-account]: https://cloud.google.com/compute/docs/authentication`
			`[gcloud adc]: https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login`
			`[service accounts]: https://cloud.google.com/docs/authentication/getting-started`
			`[GCE metadata]: https://cloud.google.com/docs/authentication/production#obtaining_credentials_on_compute_engine_kubernetes_engine_app_engine_flexible_environment_and_cloud_functions`