GCP Landing Zone
What It Does
One terraform apply and you get a full 3-tier production environment on GCP: frontend with autoscaling, private backend services, managed PostgreSQL, global HTTPS load balancing with WAF protection.
54 resources across 7 modules. Takes about 15 minutes to deploy, seconds to tear down.
Why I Built This
Every time I started a new GCP project, I spent days wiring up the same infrastructure — VPCs, firewall rules, IAM, load balancers, SSL certs. It's the same pattern every time, but the details are easy to get wrong.
This template codifies the patterns I've used across multiple production deployments into something repeatable.
What's Included
- Network isolation: Separate subnets for frontend, backend, and database tiers with VPC peering
- Defense in depth: Cloud Armor WAF, private service access, least-privilege IAM
- Managed database: Cloud SQL PostgreSQL 15 with private networking and automated backups
- Global load balancing: Cloud CDN + HTTPS with managed SSL certificates
- Secrets management: Secret Manager integration, no plaintext credentials
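As an added illustration (not the template's own code) of the private-networking and no-plaintext-credentials points above, the Terraform below stands up a private-only Cloud SQL PostgreSQL 15 instance over private service access and stores its generated password in Secret Manager; it assumes an existing `google_compute_network.vpc`, the `random` provider, and the constructed names `sql-private-range`, `app-db` and `app-db-password`.

```hcl
# Reserve a /16 in the VPC for Google-managed services (private service access).
resource "google_compute_global_address" "sql_range" {
  name          = "sql-private-range"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16
  network       = google_compute_network.vpc.id
}
# Peer the VPC with the Service Networking producer so Cloud SQL gets a private IP.
resource "google_service_networking_connection" "sql" {
  network                 = google_compute_network.vpc.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.sql_range.name]
}
resource "google_sql_database_instance" "postgres" {
  name                = "app-db"
  database_version    = "POSTGRES_15"
  deletion_protection = true
  depends_on          = [google_service_networking_connection.sql]
  settings {
    tier = "db-f1-micro"
    ip_configuration {
      ipv4_enabled    = false # no public IP: reachable only through the peering
      private_network = google_compute_network.vpc.id
      ssl_mode        = "ENCRYPTED_ONLY" # google provider >= 5.x (older: require_ssl = true)
    }
    backup_configuration {
      enabled = true
    }
  }
}
# Password generated at apply time; never written as a literal in .tf files.
resource "random_password" "db" {
  length  = 32
  special = false
}
resource "google_secret_manager_secret" "db_password" {
  secret_id = "app-db-password"
  replication {
    auto {}
  }
}
resource "google_secret_manager_secret_version" "db_password" {
  secret      = google_secret_manager_secret.db_password.id
  secret_data = random_password.db.result
}
resource "google_sql_user" "app" {
  name     = "app"
  instance = google_sql_database_instance.postgres.name
  password = random_password.db.result
}
```

The generated password still lands in Terraform state, so the state backend needs the same access controls as the secret itself.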
The Stack
- IaC: Terraform with modular structure (network, compute, database, security, load balancing, secrets, IAM)
- Compute: Managed Instance Groups with autoscaling
- Database: Cloud SQL PostgreSQL 15
- Security: Cloud Armor, Secret Manager, private VPC
- Cost: $3-5/day for the full stack