Terraform Template
Overview
You can deploy SFTP Gateway version 3 using Terraform.
This article covers deploying a single VM instance of SFTP Gateway version 3.5.0 on GCP. The Terraform template is provided as an example, so feel free to further customize it for your business case.
Note: Make sure you are subscribed to SFTP Gateway in the Google Marketplace before deploying the Terraform template, or else you will run into an error while creating the Virtual Machine.
Running the template
We recommend that you use the Cloud Shell within the Google Cloud Platform console. The Cloud Shell supports the Terraform CLI, and it inherits your Google Cloud permissions from the web console.
This article contains two files:
sftpgw-single-instance.tf
terraform.tfvars
Create these two files, using the file contents at the bottom of this page. Make adjustments to the terraform.tfvars file. Then, run the following commands:
terraform init
terraform plan
When you are ready to deploy the template, run:
terraform apply
How does it work
This article contains a main Terraform template named:
sftpgw-single-instance.tf
This template provisions the following resources:
Virtual Machine: This server is based on the SFTP Gateway marketplace VM
Firewall: Allows TCP 22 from anywhere, but locks down admin ports 80, 443, 2222 to a single IP
Public IP: Static IP that retains the IP after a reboot
Google Storage Bucket: A Cloud Storage Bucket to receive SFTP files. Note: The Terraform template only creates the Bucket. You will need to later configure SFTP Gateway to point to it.
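A pre-apply check for the firewall design described above, as an added example that is not part of the original template: it reads the JSON that `terraform show -json` produces for a saved plan and reports any google_compute_firewall rule that opens admin ports 80, 443 or 2222 to more than a single IP. The function names and the sample plan are constructed for this example.

```python
import ipaddress
import json

ADMIN_PORTS = {80, 443, 2222}  # admin ports the template restricts to one IP

def expand(spec):
    """Turn a firewall port spec ("443" or "2000-3000") into a range of ints."""
    low, _, high = spec.partition("-")
    return range(int(low), int(high or low) + 1)

def audit_plan(plan):
    """Return (address, cidr, ports) for admin ports open to more than one IP."""
    findings = []
    resources = plan.get("planned_values", {}).get("root_module", {}).get("resources", [])
    for res in resources:
        if res.get("type") != "google_compute_firewall":
            continue
        values = res.get("values", {})
        exposed = set()
        for rule in values.get("allow") or []:
            if rule.get("protocol") not in ("tcp", "all"):
                continue
            # An allow block without ports covers every port of that protocol.
            for spec in rule.get("ports") or ["0-65535"]:
                exposed |= ADMIN_PORTS.intersection(expand(spec))
        if not exposed:
            continue
        for cidr in values.get("source_ranges") or []:
            if ipaddress.ip_network(cidr, strict=False).num_addresses != 1:
                findings.append((res["address"], cidr, sorted(exposed)))
    return findings

# Constructed sample, shaped like `terraform show -json` output for this template.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"resources": [
  {"address": "google_compute_firewall.default", "type": "google_compute_firewall",
   "values": {"allow": [{"protocol": "tcp", "ports": ["80", "443", "2222"]}],
              "source_ranges": ["3.222.237.17/32"]}},
  {"address": "google_compute_firewall.sftp-port-22", "type": "google_compute_firewall",
   "values": {"allow": [{"protocol": "tcp", "ports": ["22"]}],
              "source_ranges": ["0.0.0.0/0"]}}
]}}}
""")

if __name__ == "__main__":
    for address, cidr, ports in audit_plan(SAMPLE_PLAN):
        print(f"{address}: admin ports {ports} reachable from {cidr}")
```

To check a real deployment, save the plan with `terraform plan -out=tfplan`, export it with `terraform show -json tfplan`, and pass the parsed JSON to `audit_plan`. The sample mirrors the template as written, so it produces no findings.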
There's also another file that contains variables:
terraform.tfvars
Since this file is named terraform.tfvars, it will be automatically used without having to pass it explicitly:
terraform apply -var-file=terraform.tfvars
You can configure the following variables:
project: Specify the project in which to deploy the VM
region: Specify your current region
zone: Specify your current zone
source_ranges: Get your workstation's public IP from checkip.dyndns.org. Append /32 to specify a single IP range
google_storage_bucket: Specify a bucket for your SFTP files
ssh-keys: Set an SSH key to be used to SSH into your VM. Note: the format is ubuntu:ssh-rsa AAAAB3NzaC1, where you specify the username followed by the public key.
credentials: Optional. Specify a json key credentials file to deploy this Terraform template.
machine_type: Optional. Specify the size of your VM. Defaults to e2-medium.
Terraform file contents
sftpgw-single-instance.tf
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "3.5.0"
    }
  }
}

provider "google" {
  # Falls back to the ambient credentials (e.g. Cloud Shell) when no key file is given
  credentials = var.credentials == null ? null : file(var.credentials)
  project     = var.project
  region      = var.region
  zone        = var.zone
}

variable "google_storage_bucket" {
  type        = string
  description = "Name of your Google Storage bucket"
}

variable "credentials" {
  type        = string
  description = "Name of your Service Key"
  default     = null
}

variable "project" {
  type        = string
  description = "Name of your Google Cloud project"
}

variable "region" {
  type        = string
  description = "Name of your Google Cloud region"
  default     = "us-central1"
}

variable "zone" {
  type        = string
  description = "Name of your region zone"
  default     = "us-central1-c"
}

variable "machine_type" {
  type        = string
  description = "Machine type of your VM"
  default     = "e2-medium"
}

variable "ssh-keys" {
  type        = string
  description = "Key used to SSH into your VM"
  default     = null
}

# Bucket that receives SFTP files; an empty name falls back to a generated one
resource "google_storage_bucket" "my_bucket" {
  name     = var.google_storage_bucket == "" ? "sftpgw-terraform-${random_id.new.hex}" : var.google_storage_bucket
  location = var.region
}

variable "source_ranges" {
  type        = string
  description = "Source IP range"
}

resource "google_compute_network" "vpc_network" {
  name = "terraform-network-${random_id.new.hex}"
}

# Static public IP that is retained across reboots
resource "google_compute_address" "static" {
  name = "ipv4-address-${random_id.new.hex}"
}

# Random suffix that keeps resource names unique
resource "random_id" "new" {
  byte_length = 8
}

resource "google_compute_instance" "default" {
  name         = "terraform-instance-${random_id.new.hex}"
  machine_type = var.machine_type
  zone         = var.zone
  tags         = ["terraform-instance"]

  boot_disk {
    initialize_params {
      image = "thorn-technologies-public/sftpgw-3-5-0-1708123763"
    }
  }

  network_interface {
    network = google_compute_network.vpc_network.name
    access_config {
      nat_ip = google_compute_address.static.address
    }
  }

  metadata = {
    ssh-keys = var.ssh-keys
  }
}

# Admin ports (80, 443, 2222) are reachable only from var.source_ranges
resource "google_compute_firewall" "default" {
  name    = "terraform-firewall-${random_id.new.hex}"
  network = google_compute_network.vpc_network.name

  allow {
    protocol = "tcp"
    ports    = ["80", "443", "2222"]
  }

  target_tags   = ["terraform-instance"]
  source_ranges = [var.source_ranges]
}

# SFTP (TCP 22) is open to any source address
resource "google_compute_firewall" "sftp-port-22" {
  name    = "terraform-firewall--${random_id.new.hex}"
  network = google_compute_network.vpc_network.name

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  target_tags   = ["terraform-instance"]
  source_ranges = ["0.0.0.0/0"]
}

output "public_ip_address" {
  value = google_compute_address.static.address
}
terraform.tfvars
google_storage_bucket = "your-bucket-terraform"
project = "your-google-cloud-project"
region = "us-central1"
zone = "us-central1-c"
ssh-keys = "ubuntu:ssh-rsa AAAAB3NzaC1"
source_ranges = "3.222.237.17/32"