How do I delete and replace the default GCP vpc with terraform?

terraform gcp vpc module
terraform gcp compute instance example
terraform import gcp
terraform gcp firewall example
terraform gcp subnet
terraform gcp external ip
terraform gcp modules
terraform gcp ssh key

Google recommends deleting and creating your own VPC for prod

This resource manages the default VPC: https://www.terraform.io/docs/providers/aws/r/default_vpc.html

But I want to set a different VPC to be the default and delete the auto created one.

How is this possible?

The default network does not have any specific configuration that makes it be the default network. It is just the one network that is always created together with a new project, and whenever a network is not specified (for instance, when deploying a GAE flex application), the network used will be the one with the name default. When you create a project with Terraform, you can specify auto_network_creation = "false".

However, this will not prevent the creation of the default network, it will just delete it before the project is fully created. This means that, during the Terraform creation, it is not possible to create another network called default. That must be done after the original default network is created, hence, after the project creation.

You can try creating projects with Terraform using this tutorial. The next snippet is part of the tutorial, in which I included the line to delete the default network on project creation.

variable "project_name" {}
variable "billing_account" {}
variable "org_id" {}
variable "region" {}

provider "google" {
 region = "${var.region}"
}

resource "random_id" "id" {
 byte_length = 4
 prefix      = "${var.project_name}-"
}

resource "google_project" "project" {
 name            = "${var.project_name}"
 project_id      = "${random_id.id.hex}"
 billing_account = "${var.billing_account}"
 org_id          = "${var.org_id}"
 auto_create_network = "false" //This is supposed to delete default network on project creation
}

resource "google_project_services" "project" {
 project = "${google_project.project.project_id}"
 services = [
   "compute.googleapis.com"
 ]
}

output "project_id" {
 value = "${google_project.project.project_id}"
}

Nonetheless, I have tried it myself and the default network was still there.

VPC network - Google: google_compute_network, Each VPC network is a global entity spanning all GCP regions. Note: This field uses attr-as-block mode to avoid breaking users during the 0.12 upgrade. create - Default is 6 minutes. update - Default is 6 minutes. delete - Default is 6� » Removing aws_default_vpc from your configuration The aws_default_vpc resource allows you to manage a region's default VPC, but Terraform cannot destroy it. Removing this resource from your configuration will remove it from your statefile and management, but will not destroy the VPC. You can resume managing the VPC via the AWS Console.

You can avoid/skip the default network creation by setting an Organization Policy Constraint.

gcloud  resource-manager org-policies enable-enforce \
   constraints/compute.skipDefaultNetworkCreation \
   --organization ORGANIZATION_ID

more details in Organization Policy Constraints and Using boolean constraints in organization policy

Example Usage - Subnetwork Basic, Access Context Manager (VPC Service Controls) resource " google_compute_instance" "default" { name = "test" machine_type = "n1- standard-1" Note: you must disable deletion protection before removing the resource (e.g., via This replaces the startup-script metadata key on the created instance and thus the two� First, permanently delete the resources created by Terraform: terraform destroy Next, delete the Terraform Admin project and all of its resources: gcloud projects delete ${TF_ADMIN} Finally, remove the organization level IAM permissions for the service account:

As in Terraform you describe desired state of your configuration it is not possible to implicit send "destroy request" to a resource that is not managed by Terraform.

However you could try importing it firstly then it will be managed by Terraform and as you do not include it in your *.tf files the default subnet should be deleted during terraform apply step.

Google Compute Instance docs, Serverless VPC Access resource "google_compute_instance_template" " default" { name Template, Terraform will destroy the existing resource and create a replacement. and it will use GCP's default behavior, setting the image for the template to the family: create - Default is 4 minutes. delete - Default is 4 minutes. In the previous page, you created your first infrastructure with Terraform: a VPC network. In this page, we're going to modify your configuration, and see how Terraform handles change. Infrastructure is continuously evolving, and Terraform was built to help manage and enact that change.

Setting property auto_create_network = "false" and mentioning a billing account ID, while creating a GCP project as in the below code snippet, ensures that default network gets deleted.

resource "google_project" "project" {
    name            = "test"
    project_id      = "test-523"
    billing_account = "xxxxx"
    auto_create_network = "false"
}

Google: google_compute_instance_template, delete - Default is 4 minutes. � Import. Firewall can be imported using any of these accepted formats: $ terraform import google_compute_firewall.default projects/{{� In the VPC file, I have configured routing-type as global and I have disabled creation of sub-networks (automatically) as GCP creates sub-networks in every region during VPC creation if not disabled.

Google: google_compute_firewall, Access Context Manager (VPC Service Controls) Changing this forces the project to be migrated to the newly specified skip_delete - (Optional) If true, the Terraform resource can be deleted without deleting the Project via the Google API. auto_create_network - (Optional) Create the 'default' network automatically. Run terraform apply followed by terraform output ip to return the instance's external IP address. Validate that everything is set up correctly at this point by connecting to that IP address with SSH. This tutorial needs the default network's default-allow-ssh firewall rule to be in place before you can use SSH to connect to the instance. If you

google_project - Google: google_project, output "instance_id" { value = google_compute_instance.default.self_link } Next, delete the Terraform Admin project and all of its resources:. For the last ~2 years, I’ve been using Terraform to manage mostly AWS infrastructure. It has allowed me to know exactly what resources I’ve provisioned, save time by using modules for common…

Managing Google Cloud projects with Terraform, This page describes how to create, modify, and delete VPC networks. You can remove and replace a subnet's secondary IP address range only if no instances� Terraform AWS Example. Create EC2 instance with Terraform. Terraform AWS example on how to create AWS resources with Terraform. Create a Security Group using Terraform. Infrastructure as Code Example. Terraform aws Configuration file example and terraform plan and terraform apply command real-time usage and examples.

Comments
  • Terraform can't handle deletions of the default VPC and can only manage the existing default VPC by using that resource. You'll need to use the AWS CLI or otherwise to delete the default VPC instead.
  • gcp im talking about gcp
  • I don't believe this is possible with Terraform.
  • You cannot delete default vpc , you only can create new one and replace it .
  • yes i know, im asking specifically about how to do this with terrafrom
  • The default network is used if you do not explicitly specify a network. How do I set a new network as the default?
  • As mentioned above, the network under the name default will be used as such. That is, if you delete the original default network and create your own, if you give it the name default, it will be the pone used whenever no network is specified.