Make sure you are logged in to both GCP and AWS from your CLI before running the Terraform commands below.
gcloud auth login
gcloud auth application-default login
List projects and choose one.
gcloud projects list
gcloud config set project <PROJECT_ID>
gcloud config list
aws sts get-caller-identity
Connect to GCP from AWS. In this example, an AWS VM (EC2 instance) is used to reach GCP resources.
export GCP_PROJECT_NAME=$(gcloud config list --format="value(core.project)")
terraform init
terraform plan -var gcp_project_name=$GCP_PROJECT_NAME
terraform apply -var gcp_project_name=$GCP_PROJECT_NAME
After terraform apply completes, copy the SSH command from the Terraform output and log in to the AWS VM. On the VM:
- Some prerequisites are installed
- Connectivity to GCP is established (through workload identity federation; no GCP service-account key is copied to the VM)
- Test it by running:
gcloud iam service-accounts get-iam-policy ${gcp_service_account_email}
When you are done, tear everything down:
terraform destroy -var gcp_project_name=$GCP_PROJECT_NAME
Terraform has no built-in resource for generating the workload identity credential configuration file, so gcloud iam workload-identity-pools create-cred-config is run on the local machine through a Terraform null_resource (with a local-exec provisioner). The generated file contains no secret: it only tells the Google client libraries to obtain AWS credentials from the instance metadata service and exchange them at the GCP STS for a short-lived token.