2014-08-26 21:50:29 +00:00
---
layout: "google"
page_title: "Provider: Google Cloud"
sidebar_current: "docs-google-index"
2014-10-22 03:21:56 +00:00
description: |-
The Google Cloud provider is used to interact with Google Cloud services. The provider needs to be configured with the proper credentials before it can be used.
2014-08-26 21:50:29 +00:00
---
# Google Cloud Provider
The Google Cloud provider is used to interact with
[Google Cloud services ](https://cloud.google.com/ ). The provider needs
to be configured with the proper credentials before it can be used.
Use the navigation to the left to read about the available resources.
## Example Usage
2017-04-17 10:17:54 +00:00
```hcl
2016-04-10 21:34:15 +00:00
// Configure the Google Cloud provider
2014-08-26 21:50:29 +00:00
provider "google" {
2015-11-12 22:13:07 +00:00
credentials = "${file("account.json")}"
2018-03-12 20:59:47 +00:00
project = "my-gce-project-id"
2015-11-12 22:13:07 +00:00
region = "us-central1"
2014-08-26 21:50:29 +00:00
}
2016-04-10 21:34:15 +00:00
// Create a new instance
2014-08-26 21:50:29 +00:00
resource "google_compute_instance" "default" {
2017-04-06 18:06:48 +00:00
# ...
2014-08-26 21:50:29 +00:00
}
```
## Configuration Reference
The following keys can be used to configure the provider.
2015-11-12 22:13:07 +00:00
* `credentials` - (Optional) Contents of the JSON file used to describe your
2015-07-27 19:35:52 +00:00
account credentials, downloaded from Google Cloud Console. More details on
2017-07-28 13:39:11 +00:00
retrieving this file are below.
Credentials can also be specified using any of the following environment
variables (listed in order of precedence):
2016-04-10 23:31:40 +00:00
* `GOOGLE_CREDENTIALS`
* `GOOGLE_CLOUD_KEYFILE_JSON`
* `GCLOUD_KEYFILE_JSON`
2017-11-06 18:53:52 +00:00
The [`GOOGLE_APPLICATION_CREDENTIALS` ](https://developers.google.com/identity/protocols/application-default-credentials#howtheywork )
environment variable can also contain the path of a file to obtain credentials
from.
2017-04-28 23:16:38 +00:00
2017-07-28 13:39:11 +00:00
If no credentials are specified, the provider will fall back to using the
[Google Application Default
Credentials](https://developers.google.com/identity/protocols/application-default-credentials).
If you are running Terraform from a GCE instance, see [Creating and Enabling
Service Accounts for
Instances](https://cloud.google.com/compute/docs/authentication) for
details. On your computer, if you have made your identity available as the
Application Default Credentials by running [`gcloud auth application-default
login`](https://cloud.google.com/sdk/gcloud/reference/auth/application-default/login),
the provider will use your identity.
2018-01-03 21:33:58 +00:00
* `project` - (Optional) The ID of the project to apply any resources to. This
2017-08-01 19:37:32 +00:00
can also be specified using any of the following environment variables (listed
in order of precedence):
2016-04-10 23:31:40 +00:00
* `GOOGLE_PROJECT`
2018-03-29 18:43:45 +00:00
* `GOOGLE_CLOUD_PROJECT`
2016-04-10 23:31:40 +00:00
* `GCLOUD_PROJECT`
* `CLOUDSDK_CORE_PROJECT`
2014-08-26 21:50:29 +00:00
2018-01-03 22:09:46 +00:00
* `region` - (Optional) The region to operate under, if not specified by a given resource.
2018-01-03 21:33:58 +00:00
This can also be specified using any of the following environment variables (listed in order of
2016-04-10 23:31:40 +00:00
precedence):
2014-08-26 21:50:29 +00:00
2016-04-10 23:31:40 +00:00
* `GOOGLE_REGION`
* `GCLOUD_REGION`
* `CLOUDSDK_COMPUTE_REGION`
2018-03-29 18:43:45 +00:00
2018-01-03 21:33:58 +00:00
* `zone` - (Optional) The zone to operate under, if not specified by a given resource.
This can also be specified using any of the following environment variables (listed in order of
precedence):
2018-03-29 18:43:45 +00:00
2018-01-03 21:33:58 +00:00
* `GOOGLE_ZONE`
* `GCLOUD_ZONE`
* `CLOUDSDK_COMPUTE_ZONE`
2016-04-08 15:01:53 +00:00
2014-10-14 07:00:44 +00:00
## Authentication JSON File
2014-08-26 21:50:29 +00:00
2014-10-14 07:00:44 +00:00
Authenticating with Google Cloud services requires a JSON
file which we call the _account file_ .
2014-08-26 21:50:29 +00:00
2014-10-14 07:00:44 +00:00
This file is downloaded directly from the
2014-08-26 21:50:29 +00:00
[Google Developers Console ](https://console.developers.google.com ). To make
2014-10-14 07:00:44 +00:00
the process more straightforwarded, it is documented here:
2014-08-26 21:50:29 +00:00
1. Log into the [Google Developers Console ](https://console.developers.google.com )
and select a project.
2016-06-20 21:54:54 +00:00
2. The API Manager view should be selected, click on "Credentials" on the left,
then "Create credentials", and finally "Service account key".
2014-08-26 21:50:29 +00:00
2016-06-20 21:54:54 +00:00
3. Select "Compute Engine default service account" in the "Service account"
dropdown, and select "JSON" as the key type.
2015-12-11 18:19:37 +00:00
4. Clicking "Create" will download your `credentials` .
2017-08-10 20:28:52 +00:00
## Beta Features
Some Google Provider resources contain Beta features; Beta GCP Features have no
deprecation policy, and no SLA, but are otherwise considered to be feature-complete
with only minor outstanding issues after their Alpha period. Beta is when a GCP feature
is publicly announced, and is when they generally become publicly available.
2018-05-09 18:24:40 +00:00
Terraform resources that support beta features will always use the Beta APIs to provision
the resource. Importing a resource that supports beta features will always import those
features, even if the resource was created in a matter that was not explicitly beta.