Skip to content

06 — GCP Project & APIs

Previous: 05 — Project Setup & Terraform State

Before Terraform can create resources, we need a GCP project and must enable the APIs that Terraform will manage.

Create a GCP project

If you don't have a GCP project yet, create one:

# Create a new project
gcloud projects create mycoolproject-prod --name="My Cool Project"

# Set it as your active project
gcloud config set project mycoolproject-prod

If you already have a project, skip to setting the active project:

gcloud config set project mycoolproject-prod

Get your project ID (you'll need it for Terraform):

gcloud projects describe mycoolproject-prod --format='value(projectId)'

Enable GCP APIs

Terraform manages these GCP services, so we need to enable their APIs:

# Enable APIs needed for this guide
gcloud services enable \
  run.googleapis.com \
  cloudbuild.googleapis.com \
  artifactregistry.googleapis.com \
  cloudscheduler.googleapis.com \
  tasks.googleapis.com \
  storage.googleapis.com \
  secretmanager.googleapis.com \
  vpcaccess.googleapis.com \
  servicenetworking.googleapis.com \
  compute.googleapis.com

These APIs power Cloud Run, Cloud Storage, Secret Manager, Serverless VPC, and more.

Project ID vs Project Number

  • Project ID — your unique identifier (e.g., mycoolproject-prod)
  • Project Number — a numeric identifier (e.g., 123456789012)

Terraform uses both: - project in provider config = project ID - Some resources need project number for IAM bindings

Get your project number:

gcloud projects describe mycoolproject-prod --format='value(projectNumber)'

Add both to infrastructure/terraform.tfvars:

project_id      = "mycoolproject-prod"
project_number  = "123456789012"
region          = "southamerica-east1"

Terraform: Enable APIs via resource

Alternatively, you can let Terraform enable APIs automatically using the google-project-service-enforcement resource. Add to main.tf:

# Enable required APIs
resource "google_project_service" "apis" {
  for_each = toset([
    "run.googleapis.com",
    "cloudbuild.googleapis.com",
    "artifactregistry.googleapis.com",
    "cloudscheduler.googleapis.com",
    "tasks.googleapis.com",
    "storage.googleapis.com",
    "secretmanager.googleapis.com",
    "vpcaccess.googleapis.com",
    "servicenetworking.googleapis.com",
    "compute.googleapis.com",
  ])

  project = var.project_id
  service = each.value

  disable_dependent_services = false
  disable_on_destroy         = false
}

This approach makes API enablement part of your Terraform state — useful for reproducibility.