Deploy an Ubuntu/Debian Google Cloud Platform server with Terraform

This guide provides the information you need to deploy an Ubuntu/Debian Google Cloud Platform Server with systemd using Terraform. Depending on your target server and enrollment type some topics in this guide may not apply to you, such as if your team's project will not be using terraform or if you plan to add a different server type to your project. Modify your steps as needed to fit your team or refer to a different guide on the cloud deployments page.

Creating a cloud server with Terraform means installing the Terraform tool on your personal machine and using an Access ID, enrollment token, and secret ID to create servers on the Amazon Web Services console. Once created, your new servers should list automatically within your team's console in Advanced Server Access.

Note: For this guide we used the ScaleFT ubuntu-basic StarterKit provided by Okta on Github as our terraform module. For your setup, use your company's Terraform repo for you production environment instead, though you should still end up with similar configuration values in your terraform.tfvars file.


You need the following permissions you need to deploy an Amazon Web Services Server with Terraform

Google Cloud Platform

Requirement Description
Google Cloud Platform account A Google Cloud Platform account is needed to access the AWS Management console, where you can create a virtual machine for your team.

Advanced Server Access

Requirement Description
Advanced Server Access team This is the top-level object that is representing an organization within Advanced Server Access.
Advanced Server Access project This is the authorization-scope of your team, organizing your users, groups, and servers.


Deploying an Amazon Web Services Server with Terraform can be done in the following steps:

  1. Download and install Terraform
  2. Create an Advanced Server Access enrollment token
  3. Create and save your Google Cloud Platform project ID
  4. Create and configure your terraform.tfvars file
  5. Enable the Google Compute Engine API for your project
  6. Run Terraform commands to create your server

Download and install Terraform

  1. Download the Terraform installer from the official site

  2. Unzip the downloaded file and run the unix executable

Create an Advanced Server Access enrollment token

  1. On the Advanced Server Access dashboard, click Projects.
  2. Select the project you want to add the server to.
  3. Select the Enrollment tab, then click Create Enrollment Token.

    Note: You can use the same enrollment token every time you add a server to your team. If you have already created an enrollment token, skip this step.

  4. Enter a description for the token, then click Submit.
  5. After the token has been successfully created, copy the string of characters from the Token field and store it in a safe location.

Create and save your Google Cloud Platform project ID

  1. Navigate to the Google Cloud Platform console and log in to your account
  2. Use the Select a project dropdown at the top of the page to click the New Project button

  3. Create a new name for your project and use the Location field to set its parent organization or folder
  4. Click Create when you are finished creating your project
  5. In your new Project's Dashboard, copy the Project ID number from the Project Info section and store it in a safe location

    Note: To find your project's dashboard, use the Select a project box at the top of the console

Create and configure your Terraform.tfvars file

  1. Open your machine's console and run the ls -a command to see the folders in your home directory

  2. Create a file named terraform.tfvars and add the following lines:

    project: "<project-id>"
  3. Replace <project-id> with the Project ID you copied from the Create and Save your Google Cloud Platform Project ID section
  4. Replace <enrollment-token> with the characters you copied from the Create an Advanced Server Access Enrollment Token section
  5. Save the file and place it in your Terraform module

Enable the Google Compute Engine API for your project

  1. Navigate to your project's dashboard in the Google Cloud Platform console

  2. In the left sidebar, use the APIs & Services tab to click the Dashboard option
  3. Click ENABLE APIS AND SERVICES under the search bar to navigate to the API Library
  4. Under Category on the left side of the page, click Compute
  5. Select the tab for Compute Engine API
  6. Click Enable

Run Terraform commands to create your server

  1. In your machine's console, run the which terraform command to confirm that your terraform path exists. Depending on your platform, the output should look something like the following: 


  2. Confirm that you are in your Terraform module before running the terraform init command to initialize the terraform program
  3. Confirm that the information you saved to you terraform.tfvars file is correct by running the terraform plan command. If you receive any errors, troubleshoot as needed before proceeding
  4. Run terraform apply to begin creating your servers. If prompted for approval, type yes and press return on your keyboard

Navigate to the Advanced Server Access console and confirm that your new servers are listed before attempting to SSH into your team's servers.