» Google Provider Configuration Reference

The google and google-beta provider blocks are used to configure default values for your GCP project and location (zone and region), and add your credentials.

» Example Usage - Basic provider blocks

provider "google" {
  credentials = "${file("account.json")}"
  project     = "my-project-id"
  region      = "us-central1"
  zone        = "us-central1-c"
}
provider "google-beta" {
  credentials = "${file("account.json")}"
  project     = "my-project-id"
  region      = "us-central1"
  zone        = "us-central1-c"
}

» Example Usage - Using beta features with google-beta

To use Google Cloud Platform features that are in beta, explicitly set the provider for your resource to google-beta. See Provider Versions for a full reference on how to use different GCP versions with the Google provider.

resource "google_compute_instance" "ga-instance" {
  provider = "google"

  # ...
}

resource "google_compute_instance" "beta-instance" {
  provider = "google-beta"

  # ...
}

provider "google-beta" {}

» Configuration Reference

The following keys can be used to configure the provider. Both google and google-beta share the same configuration.

  • credentials - (Optional) The path or contents of a file that contains your service account private key in JSON format. You can download your existing Google Cloud service account file from the Google Cloud Console, or you can create a new one from the same page.

Credentials can also be specified using any of the following environment variables (listed in order of precedence):

* `GOOGLE_CREDENTIALS`
* `GOOGLE_CLOUD_KEYFILE_JSON`
* `GCLOUD_KEYFILE_JSON`

The GOOGLE_APPLICATION_CREDENTIALS environment variable can also contain the path of a file to obtain credentials from.

If no credentials are specified, the provider will fall back to using the Google Application Default Credentials. If you are running Terraform from a GCE instance, see Creating and Enabling Service Accounts for Instances for details.

On your computer, if you have made your identity available as the Application Default Credentials by running gcloud auth application-default login, the provider will use your identity.

  • access_token - (Optional) An temporary OAuth 2.0 access token obtained from the Google Authorization server, i.e. the Authorization: Bearer token used to authenticate Google API HTTP requests.

Access tokens can also be specified using any of the following environment variables (listed in order of precedence):

* `GOOGLE_OAUTH_ACCESS_TOKEN`