Deploy a GCP server with Terraform

This topic explains how to deploy an Ubuntu or Debian Google Cloud Platform (GCP) Server with systemd using Terraform. You may need to modify this process to fit your specific needs.

Creating a cloud server with Terraform means installing the Terraform tool on your personal machine and using an Access ID, enrollment token, and secret ID to create servers on the GCP console. After being created, your new servers should appear automatically within the Advanced Server Access dashboard.

This topic uses the ScaleFT Starter Kit as its Terraform module. View the kit on GitHub. For your setup, use your company's Terraform repository for your production environment. The configuration values in your terraform.tfvars file should be similar to those outlined later in this topic.

Prerequisites

Google Cloud Platform

Requirement: Google Cloud Platform account
Description: A Google Cloud Platform account is needed to access the GCP console, where you create virtual machines for your team.

Advanced Server Access

Requirement: Advanced Server Access team
Description: The top-level object that represents an Okta org within Advanced Server Access.

Requirement: Advanced Server Access project
Description: The authorization scope of your team, organizing your users, groups, and servers.

Download and install Terraform

  1. Download the Terraform installer. See the Terraform website.
  2. Unzip the downloaded file and run the Unix executable.

Create an Advanced Server Access enrollment token

  1. From the Advanced Server Access dashboard, click Projects.
  2. Select the project you want to add the server to.
  3. Go to the Enrollment tab and click Create Enrollment Token.

    Note: You can use the same enrollment token every time you add a server to your team. If you have already created an enrollment token, skip this step.

  4. Enter a description for the token, then click Submit.

After the token has been successfully created, note the string of characters from the Token field and store them in a safe location.

Create a GCP project

  1. Navigate to the Google Cloud Platform console and sign in to your account.
  2. From the Select a project menu, click New Project.
  3. Create a new name for your project and use the Location field to set its parent organization or folder.
  4. Click Create when you've finished creating your project.
  5. From the dashboard of your new project, copy the Project ID number from the Project Info section and store it in a safe location.

    Note: To locate the project dashboard, use the Select a project field at the top of the console.

Create and configure your terraform.tfvars file

  1. Create a file named terraform.tfvars and add the following text:

    project = "<project-id>"

    enrollment_token = "<enrollment-token>"

  2. Replace <project-id> with your GCP project ID.
  3. Replace <enrollment-token> with your Advanced Server Access enrollment token.
  4. Save the file and place it in your Terraform module.
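
A pre-flight check for the terraform.tfvars file created above, written as an added example that is not part of the original topic or of the ScaleFT Starter Kit. It verifies that both values are set and no longer placeholders, and that the enrollment token is neither readable by other local users nor about to be committed to Git. It assumes Terraform's name = "value" assignment syntax and the two variable names used in this topic; the function names check_tfvars and tfvar_value are hypothetical.

```shell
#!/bin/sh
# Added example: validate terraform.tfvars before running terraform plan.
# Usage: sh check_tfvars.sh path/to/terraform.tfvars && terraform plan

# Print the quoted value assigned to key $2 in file $1 (empty if absent).
tfvar_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | head -n 1
}

check_tfvars() {
    file=$1
    rc=0
    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 2
    fi
    # Both variables from this topic must be present and filled in.
    for key in project enrollment_token; do
        val=$(tfvar_value "$file" "$key")
        case $val in
            "")      echo "$key is not set (expected: $key = \"...\")" >&2; rc=1 ;;
            "<"*">") echo "$key still holds the placeholder $val" >&2; rc=1 ;;
        esac
    done
    # The enrollment token is a secret: only the file owner should have access.
    mode=$(ls -ld "$file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$file is accessible to group/other; run: chmod 600 $file" >&2
        rc=1
    fi
    # Inside a Git work tree the file must be ignored so the token is never committed.
    dir=$(dirname "$file")
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
       ! git -C "$dir" check-ignore -q "$(basename "$file")"; then
        echo "$file is not git-ignored; add it to .gitignore" >&2
        rc=1
    fi
    return $rc
}

# When called with a path argument, check that file and exit with the result.
if [ $# -gt 0 ]; then check_tfvars "$1"; fi
```

The Git check is skipped when the module directory is not a Git work tree or Git is not installed.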

Enable the Google Compute Engine API for your project

  1. Navigate to your project's dashboard in the Google Cloud Platform console.
  2. In the left sidebar, use the APIs & Services tab to click the Dashboard option.
  3. Click ENABLE APIS AND SERVICES under the search bar to navigate to the API Library.
  4. Under Category on the left side of the page, click Compute.
  5. Select the tab for Compute Engine API.
  6. Click Enable.

Run Terraform commands to create your server

  1. In your machine's console, run which terraform to confirm that your Terraform path exists.

    Depending on your platform, the output should look something like: /users/user/bin/terraform

  2. Confirm that you are in your Terraform module, then run terraform init.
  3. Confirm that the information in terraform.tfvars is correct by running terraform plan. If you receive any errors, troubleshoot as needed before proceeding.
  4. Run terraform apply to begin creating your servers.
    Enter yes if prompted for approval.

Confirm that your new servers are listed in Advanced Server Access before you attempt to connect to them.

Next steps

Verify server enrollment