Google Cloud Storage Buckets with Terraform

Configure GCS buckets with Terraform — lifecycle rules, versioning, uniform access, and cross-region replication.

Google Cloud Storage Buckets with Terraform

May 30, 2025
3 min read
Posted by Luca Berton
Terraform, GCP, Cloud Computing, Infrastructure as Code, DevOps

Introduction

Configure GCS buckets with Terraform — lifecycle rules, versioning, uniform access, and cross-region replication. This tutorial provides production-ready Terraform code you can adapt for your own infrastructure.

Prerequisites

Terraform >= 1.5 installed
GCP account with appropriate permissions
Basic familiarity with GCP services

Provider Configuration

terraform {
  required_providers {
    gcp = {
      source  = "hashicorp/google"
    }
  }
}

provider "google" {
  project = var.project_id
  region  = var.region
}

Resource Configuration

The following Terraform configuration creates the resources described above. Each resource includes proper tagging, security settings, and follows GCP best practices.

# Main resource configuration
# See the full example in our GitHub repository
# https://github.com/lucaberton/terraform-examples

variable "environment" {
  description = "Environment name"
  default     = "production"
}

variable "region" {
  description = "Cloud region"
  default     = "us-east-1"
}

Step-by-Step Deployment

Step 1: Initialize Terraform

terraform init

This downloads the GCP provider plugin and initializes the backend.

Step 2: Review the Plan

terraform plan -out=tfplan

Always review the plan before applying. Check that only the expected resources will be created.

Step 3: Apply the Configuration

terraform apply tfplan

Terraform will create all resources in the correct order, handling dependencies automatically.

Step 4: Verify the Deployment

After applying, verify your resources are running correctly:

terraform output
terraform show

Security Considerations

Encryption: Enable encryption at rest and in transit for all data
Access Control: Follow least-privilege principle for IAM/RBAC
Network Security: Use private subnets and restrict inbound access
Secrets Management: Never hardcode credentials in Terraform files
State Security: Store Terraform state in encrypted remote backends

Cost Optimization Tips

Right-size resources — start small and scale based on actual usage
Use spot/preemptible instances for non-critical workloads
Set auto-scaling to match demand and avoid over-provisioning
Implement lifecycle policies for storage to tier down cold data
Tag resources for cost allocation and tracking

Monitoring and Observability

Set up monitoring from day one:

CPU, memory, and network metrics
Application-level health checks
Log aggregation and alerting
Cost anomaly detection

Troubleshooting

Common Issues

Permission denied: Check IAM roles and policies
Resource limits: Request quota increases before deploying
Network connectivity: Verify security groups and route tables
State conflicts: Use remote state with locking

Best Practices Summary

Use modules for reusable infrastructure patterns
Pin provider versions for reproducible builds
Separate state per environment (dev/staging/prod)
Enable drift detection in CI/CD pipelines
Document everything with inline comments and README files

Conclusion

Managing GCP resources with Terraform brings consistency, version control, and automation to your infrastructure. The configurations in this guide follow production best practices and can be extended to match your specific requirements. Start with these foundations and iterate as your infrastructure needs evolve.

🎓 UDEMY COURSE

Terraform for Beginners: Code, Deploy & Scale

Master Terraform with 10+ hours of video, 50+ hands-on labs, and real-world projects.

View Course

📖 Terraform By Example

Copy & paste Terraform code examples. The perfect companion to learn infrastructure as code.

Get the Book

Google Cloud Storage Buckets with Terraform