README.md

Self Hosted Terraform Cloud agent on Managed Instance Group

This module handles the opinionated creation of infrastructure necessary to deploy Terraform Cloud agents on a Managed Instance Group (MIG).

This includes:

• Enabling necessary APIs
• VPC
• NAT & Cloud Router
• Service Account for MIG
• MIG Instance Template
• MIG Instance Manager
• FW Rules
• Secret Manager Secret

Below are some examples:

Simple Self Hosted Terraform Cloud agent

This example shows how to deploy a MIG self hosted Terraform Cloud agent bootstrapped using startup scripts.

Inputs

Name	Description	Type	Default	Required
cooldown_period	The number of seconds that the autoscaler should wait before it starts collecting information from a new instance	number	60	no
create_network	When set to true, VPC, router and NAT will be auto created	bool	true	no
create_service_account	Set to true to create a new service account, false to use an existing one	bool	true	no
custom_metadata	User provided custom metadata	map(any)	{}	no
machine_type	The GCP machine type to deploy	string	"n1-standard-1"	no
max_replicas	Maximum number of Terraform agent instances	number	10	no
min_replicas	Minimum number of Terraform agent instances	number	1	no
network_name	Name for the VPC network	string	"tfc-agent-network"	no
network_project	The project ID of the shared VPCs host (for shared vpc support). If not provided, the project_id is used	string	""	no
project_id	The Google Cloud Platform project ID to deploy Terraform Cloud agent	string	n/a	yes
region	The GCP region to use when deploying resources	string	"us-central1"	no
service_account_email	Service account email address to use with the MIG template, required if create_service_account is set to false	string	""	no
source_image	Source disk image. If neither source_image nor source_image_family is specified, defaults to the latest public CentOS image	string	""	no
source_image_family	Source image family. If neither source_image nor source_image_family is specified, defaults to the latest public Ubuntu image	string	"ubuntu-2204-lts"	no
source_image_project	Project where the source image originates	string	"ubuntu-os-cloud"	no
startup_script	User startup script to run when instances spin up	string	""	no
subnet_ip	IP range for the subnet	string	"10.10.10.0/24"	no
subnet_name	Name for the subnet	string	"tfc-agent-subnet"	no
tfc_agent_address	The HTTP or HTTPS address of the Terraform Cloud/Enterprise API	string	"https://app.terraform.io"	no
tfc_agent_auto_update	Controls automatic core updates behavior. Acceptable values include disabled, patch, and minor	string	"minor"	no
tfc_agent_labels	Terraform Cloud agent labels to attach to the VMs	set(string)	[]	no
tfc_agent_name_prefix	This name may be used in the Terraform Cloud user interface to help easily identify the agent	string	"tfc-agent-mig-vm"	no
tfc_agent_secret	The secret id for storing the Terraform Cloud agent secret	string	"tfc-agent"	no
tfc_agent_single	Enable single mode. This causes the agent to handle at most one job and immediately exit thereafter. Useful for running agents as ephemeral containers, VMs, or other isolated contexts with a higher-level scheduler or process supervisor	bool	false	no
tfc_agent_token	Terraform Cloud agent token. (Organization Settings >> Agents)	string	n/a	yes
tfc_agent_version	Terraform Cloud agent version to install	string	"1.12.0"	no

Outputs

Name	Description
mig_instance_group	The instance group url of the created MIG
mig_instance_template	The name of the MIG Instance Template
mig_name	The name of the MIG
network_name	Name of the VPC
service_account_email	Service account email used with the MIG template

Requirements

Before this module can be used on a project, you must ensure that the following pre-requisites are fulfilled:

1. Required APIs are activated

   "iam.googleapis.com",
   "compute.googleapis.com",
   "storage-component.googleapis.com",
   "logging.googleapis.com",
   "monitoring.googleapis.com",
   "secretmanager.googleapis.com",