Terraform with GCP — SKILL.md

Raw skill file that agents receive when using this skill

---
name: "Terraform with GCP"
description: "Skill for Terraform with GCP — auto-generated from documentation"
version: "1.0.0"
author: "skynet"
category: "infrastructure"
agents: ["claude-code", "codex", "gemini"]
tags: ["terraform-gcp", "infrastructure", "auto-generated"]
---

# Terraform with GCP

---
name: Terraform with GCP
description: Use when you need to provision, manage, or destroy Google Cloud Platform infrastructure using Infrastructure as Code. Essential for GCP resource automation, environment consistency, and scalable cloud deployments.
metadata:
  author: skynet
  version: 1.0.0
category: infrastructure
---


## Setup and Authentication

### Install and Configure
```bash
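# Install Terraform from the HashiCorp apt repository
# (apt-key is deprecated; signed-by scopes the key to this repository only)
curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt-get update && sudo apt-get install terraform

# Install gcloud CLI
curl https://sdk.cloud.google.com | bash
exec -l "$SHELL"
gcloud init

# Authenticate for Terraform (stores user Application Default Credentials locally)
gcloud auth application-default login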
```

### Provider Configuration
```hcl
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 5.0"
    }
  }
  required_version = ">= 1.0"
}

provider "google" {
  project = var.project_id
  region  = var.region
  zone    = var.zone
}
```

## Core Workflow Commands

### Project Initialization
```bash
# Initialize new project
terraform init

# Initialize with backend configuration
terraform init -backend-config="bucket=my-tf-state-bucket"

# Upgrade providers
terraform init -upgrade
```

### Planning and Deployment
```bash
# Create execution plan
terraform plan -var-file="terraform.tfvars"

# Apply with auto-approve (skips the interactive confirmation; review the plan output first)
terraform apply -auto-approve

# Apply specific target
terraform apply -target=google_compute_instance.web_server

# Destroy infrastructure
terraform destroy -var-file="terraform.tfvars"
```

## Common GCP Resources

### Compute Engine Instance
```hcl
resource "google_compute_instance" "web_server" {
  name         = "web-server"
  machine_type = "e2-medium"
  zone         = var.zone

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
      size  = 20
      type  = "pd-standard"
    }
  }

  network_interface {
    network = "default"
    access_config {
      # Ephemeral public IP
    }
  }

  metadata_startup_script = file("startup-script.sh")

  tags = ["web-server", "http-server"]
}
```

### VPC Network and Firewall
```hcl
resource "google_compute_network" "vpc_network" {
  name                    = "my-vpc"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "subnet" {
  name          = "my-subnet"
  ip_cidr_range = "10.0.0.0/24"
  region        = var.region
  network       = google_compute_network.vpc_network.id
}

resource "google_compute_firewall" "allow_http" {
  name    = "allow-http"
  network = google_compute_network.vpc_network.name

  allow {
    protocol = "tcp"
    ports    = ["80", "443"]
  }

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["http-server"]
}
```

### Cloud Storage Bucket
```hcl
resource "google_storage_bucket" "static_site" {
  name          = "${var.project_id}-static-site"
  location      = "US"
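  # force_destroy deletes every object in the bucket when the bucket is destroyed
  force_destroy = true

  uniform_bucket_level_access = true

  website {
    main_page_suffix = "index.html"
    not_found_page   = "404.html"
  }

  # Wildcard origin with write methods is broad; a read-only static site
  # needs only GET and HEAD from its own origin
  cors {
    origin          = ["*"]
    method          = ["GET", "HEAD", "PUT", "POST", "DELETE"]
    response_header = ["*"]
    max_age_seconds = 3600
  }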
}
```

## State Management

### Remote State with Cloud Storage
```hcl
terraform {
  backend "gcs" {
    bucket = "my-terraform-state-bucket"
    prefix = "terraform/state"
  }
}
```

### State Commands
```bash
# Show current state
terraform show

# List resources in state
terraform state list

# Import existing resource
terraform import google_compute_instance.example projects/my-project/zones/us-central1-a/instances/my-instance

# Remove resource from state
terraform state rm google_compute_instance.example

# Move resource in state
terraform state mv google_compute_instance.old google_compute_instance.new
```

## Decision Tree: Resource Selection

```
Infrastructure Need?
├── Compute Workload?
│   ├── Containers → GKE (google_container_cluster)
│   ├── Serverless → Cloud Run (google_cloud_run_service)
│   └── VMs → Compute Engine (google_compute_instance)
├── Storage Need?
│   ├── Object Storage → Cloud Storage (google_storage_bucket)
│   ├── Database → Cloud SQL (google_sql_database_instance)
│   └── File System → Filestore (google_filestore_instance)
└── Networking?
    ├── Load Balancing → Load Balancer (google_compute_global_forwarding_rule)
    ├── VPN → VPN Gateway (google_compute_vpn_gateway)
    └── Custom Network → VPC (google_compute_network)
```

## Advanced Patterns

### Variable Configuration
```hcl
# variables.tf
variable "project_id" {
  description = "GCP Project ID"
  type        = string
}

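variable "region" {
  description = "GCP Region"
  type        = string
  default     = "us-central1"
}

# Referenced as var.zone by the provider and instance blocks
variable "zone" {
  description = "GCP Zone"
  type        = string
  default     = "us-central1-a"
}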

variable "instance_config" {
  description = "Instance configuration"
  type = object({
    machine_type = string
    disk_size    = number
    image        = string
  })
  default = {
    machine_type = "e2-medium"
    disk_size    = 20
    image        = "debian-cloud/debian-11"
  }
}
```

### Data Sources
```hcl
data "google_compute_zones" "available" {
  region = var.region
}

data "google_compute_image" "debian" {
  family  = "debian-11"
  project = "debian-cloud"
}

resource "google_compute_instance" "example" {
  name         = "example"
  machine_type = "e2-medium"
  zone         = data.google_compute_zones.available.names[0]

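  boot_disk {
    initialize_params {
      image = data.google_compute_image.debian.self_link
    }
  }

  # network_interface is a required block; no access_config means no public IP
  network_interface {
    network = "default"
  }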
}
```

## Troubleshooting

### Common Errors and Solutions

**Error: `quota exceeded`**
```bash
# Check project-level quota usage
gcloud compute project-info describe --project=PROJECT_ID

# Check regional quota usage (request increases through the console)
gcloud compute regions describe us-central1 --format="yaml(quotas)"
```

**Error: `insufficient permissions`**
```bash
# Check which account is active (this shows identity, not its IAM roles)
gcloud auth list
gcloud config get-value account

# Re-authenticate
gcloud auth application-default login

# Set correct project
gcloud config set project PROJECT_ID
```

**Error: `resource already exists`**
```bash
# Import existing resource
terraform import RESOURCE_TYPE.RESOURCE_NAME RESOURCE_ID

# Example:
terraform import google_compute_instance.web projects/my-project/zones/us-central1-a/instances/web
```

### Debug Commands
```bash
# Enable verbose logging
export TF_LOG=DEBUG
terraform plan

# Validate configuration
terraform validate

# Format configuration
terraform fmt -recursive

# Quick text search of the plan for risky settings (a coarse check, not a policy scan)
terraform plan -no-color | grep -i "force_destroy\|public"
```
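The grep above only matches words in the human-readable plan, so it misses settings such as an open `source_ranges` or a wildcard CORS rule. The following is an added example, not part of the original skill file: it checks the JSON form of a plan (as produced by `terraform plan -out=tfplan` followed by `terraform show -json tfplan`) for the risky settings that appear in this page's own resources. The names `audit_plan` and `SAMPLE_PLAN` are hypothetical, and the sample plan is constructed.

```python
import json

# Constructed sample: trimmed shape of `terraform show -json tfplan` output for
# resources from this page (not captured from a real run).
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "google_storage_bucket.static_site", "type": "google_storage_bucket",
     "change": {"actions": ["create"], "after": {
         "force_destroy": True,
         "cors": [{"origin": ["*"], "method": ["GET", "HEAD", "PUT", "POST", "DELETE"]}]}}},
    {"address": "google_compute_firewall.allow_http", "type": "google_compute_firewall",
     "change": {"actions": ["create"], "after": {
         "source_ranges": ["0.0.0.0/0"], "allow": [{"protocol": "tcp", "ports": ["80", "443"]}]}}},
    {"address": "google_compute_instance.web_server", "type": "google_compute_instance",
     "change": {"actions": ["create"], "after": {
         "network_interface": [{"network": "default", "access_config": [{}]}]}}},
    {"address": "google_compute_subnetwork.subnet", "type": "google_compute_subnetwork",
     "change": {"actions": ["create"], "after": {"ip_cidr_range": "10.0.0.0/24"}}},
]})

WRITE_METHODS = {"PUT", "POST", "DELETE", "PATCH", "*"}

def audit_plan(plan_json):
    """Return sorted (address, finding) pairs for risky settings in a plan."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        after = rc.get("change", {}).get("after") or {}  # "after" is null on destroy
        addr, rtype = rc["address"], rc["type"]
        if rtype == "google_storage_bucket":
            if after.get("force_destroy"):
                findings.append((addr, "force_destroy deletes all objects on destroy"))
            for rule in after.get("cors") or []:
                if "*" in (rule.get("origin") or []) and WRITE_METHODS & set(rule.get("method") or []):
                    findings.append((addr, "CORS allows write methods from any origin"))
        elif rtype == "google_compute_firewall":
            if "0.0.0.0/0" in (after.get("source_ranges") or []):
                ports = [p for a in after.get("allow") or [] for p in a.get("ports") or ["all"]]
                findings.append((addr, "open to 0.0.0.0/0 on ports " + ",".join(ports)))
        elif rtype == "google_compute_instance":
            if any(ni.get("access_config") for ni in after.get("network_interface") or []):
                findings.append((addr, "instance gets a public IP (access_config)"))
    return sorted(findings)

if __name__ == "__main__":
    for address, finding in audit_plan(SAMPLE_PLAN):
        print(f"{address}: {finding}")
```

A finding is a prompt for review rather than a verdict: ports 80 and 443 open to the internet are expected for a public web server, while `force_destroy` on a bucket holding real data usually is not.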

### State Recovery
```bash
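# Back up current state (works with the GCS backend; state can contain secrets, so protect the copy)
terraform state pull > "state-backup-$(date +%Y%m%d%H%M%S).tfstate"

# Refresh state from real infrastructure (replaces the deprecated `terraform refresh`)
terraform apply -refresh-only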

# Force unlock state (if locked)
terraform force-unlock LOCK_ID
```

curl -s https://skills.skynet.ceo/api/skills/terraform-gcp/skill.md