Update a deployment

This page describes how to use Infrastructure Manager to update a deployment. Cases where you may update a deployment include:

To return your infrastructure to a chosen state.

When you create a deployment, after some time resources may have changed. For example, some of the resources may have been modified by someone working in the console. You can update the deployment using the original Terraform configuration to return it to the chosen state.
To implement changes to the infrastructure.

After you create a deployment, you may want to modify the infrastructure. For example, adding new resources or changing some of the configuration. You can update the deployment using a Terraform configuration that describes the new infrastructure.

This page assumes you are familiar with Terraform. For details, see Terraform and Infra Manager.

Before you begin

Ensure Infra Manager is enabled.
Ensure that you have the IAM permissions needed to create deployments: roles/config.admin
Ensure you have a service account with the needed permissions. For details, see Configure the service account.
Identify the Infra Manager deployment to update.
Identify the Terraform configuration to deploy for the update. Any configuration can be used for a revision. This configuration is often an identical or updated version of the configuration already deployed.

Ensure this Terraform configuration complies with the constraints, including that the configuration does not contain sensitive data.
Confirm your organization's quota for products associated with your intended infrastructure. You may face deployment errors if your intended infrastructure exceeds your organization's quota for the products your deployment uses. See quotas and limits for more information.
Take any necessary steps for data migration or service continuity for the resources that you are modifying.
If you want to preview the update before configuring resources, then see Preview an update to a deployment.

Grant permissions specific to the configuration

To deploy Google Cloud resources that are specified in the Terraform configuration, the service account that you use to call Infra Manager needs permissions that are specific to:

Google Cloud resources defined in the configuration that you are using for the revision.
If the configuration you're using for the revision defines different resources than the configuration used for the deployment, then you need permissions for the resources defined in both configurations.

The permissions specific to the resources defined in the configuration are in addition to the permissions that the service account needs to use the Infra Manager service.

For details about granting permissions for the Google Cloud resources and ensuring you have access to the needed projects, see Configure the service account.

Connect your private Git repository and host to Cloud Build

If you are deploying a Terraform configuration from a private Git repository, you need to connect your Git host and repository to Cloud Build.

GitHub

GitHub Enterprise

GitLab

GitLab Enterprise

Update a deployment

To update a deployment, you deploy a configuration using the same deployment name, and this creates a revision. For more details, see Deployments and revisions overview.

If you don't have an existing deployment, see Deploy infrastructure using Infra Manager.

To preview an update without provisioning resources, see Preview a deployment.

Select the tab with your chosen workflow for more information about how to update a deployment.

Console

This section describes updating a Terraform configuration using Infra Manager in Google Cloud console.

Deploy the configuration and create a revision:

In Google Cloud console, go to the Infra Manager page.
Go to Infra Manager
On the Deployments page, look in the ID column and click the deployment you want to update.
On the page titled with your deployment ID, click Edit.
On the Deployment details page, you can modify the Terraform version, Service account, and the Source of Terraform configuration fields. If you provide a private Git repository, ensure that you have connected your host and repository to Cloud Build.
Click Continue.

Note: You cannot modify the Deployment ID or Region parameters of a deployment after it has been created.
On the Terraform details page, you can modify Input values for the Terraform configuration. Click Continue.
On the Advanced details page, you can modify the Labels and annotations, Worker pools, and Artifact Cloud Storage bucket fields.
Click Update once you're satisfied with the changes you've made to your deployment to start the update process.

For more information about deployment parameters and their formats, see Deploy resources documentation.

gcloud CLI

This section describes deploying a Terraform configuration that is stored in a Cloud Storage bucket. A storage bucket lets you control access to the configuration.

Ensure the Terraform configuration is in a Cloud Storage bucket. See Upload a configuration to a storage bucket for more details.
If the storage bucket is in a different project from the project where you are running Infra Manager, then you need to ensure that Infra Manager's service account has read permission for the bucket. See Configure the service account for more details.

If the storage bucket is in the same project as Infra Manager, read permission to the bucket is already enabled.

Deploy the configuration and create a revision:

gcloud infra-manager deployments apply projects/PROJECT_ID/locations/LOCATION/deployments/DEPLOYMENT_ID \
        --service-account projects/SERVICE_ACCOUNT_PROJECT_ID/serviceAccounts/SERVICE_ACCOUNT \
        --gcs-source gs://BUCKET_NAME/OBJECT_NAME \
        --quota-validation=QUOTA_VALIDATION \
        --input-values=INPUT_1_NAME=VALUE,INPUT_2_NAME=VALUE \
        --tf-version-constraint=TERRAFORM_VERSION \
        --annotation="ANNOTATION_KEY=ANNOTATION_VALUE"

Replace:

PROJECT_ID: the project ID where Infra Manager runs.
LOCATION: the location where Infra Manager runs. See Infra Manager locations for the list of valid locations.
DEPLOYMENT_ID: the deployment identifier that you specify. See Deployment name for details about constraints on the deployment identifier.
SERVICE_ACCOUNT_PROJECT_ID is the project ID of the service account. It's common for this to be the same project where Infra Manager runs.
SERVICE_ACCOUNT: the name of the service account you use to call Infra Manager.
BUCKET_NAME: the name of the storage bucket where the configuration is stored.
OBJECT_NAME: the object name of the configuration file. This object can be a directory or a zip file, but not a Terraform file. If you are using object versioning, you can also specify the object's generation number. For more details, see Use versioned objects.
If the storage bucket is the root path of the Terraform configuration, then OBJECT_NAME is optional.
Optional: QUOTA_VALIDATION: the value that determines whether quota validation for resources in your Terraform configuration files is enabled or enforced when you create a deployment. Possible values include:
- ENABLED: Enable computing quota validation for resources in Terraform configuration files. Provides visibility on resources with insufficient quotas.
- ENFORCED: Enforce quota validation so that your deployment will fail if there isn't sufficient quota available for the infrastructure defined in your Terraform configuration file.
If QUOTA_VALIDATION is not defined, quota validation on Terraform configuration files will be disabled. This is the default value. Quota validation applies on limited Google Cloud resources. For more information, see Quotas and limits.
INPUT_1_NAME and INPUT_2_NAME: any input values in the Terraform configuration, including ones that are not defined by default. For example, you could specify the project where you deploy the resources as project_id=my-project.

If all input values are defined by default in the configuration, then this flag is optional.
Optional:TERRAFORM_VERSION: the version of Terraform for Infra Manager to use to create the deployment. See supported Terraform version for the list of supported versions. If you remove this optional flag, the latest supported version of Terraform is used.
Optional: ANNOTATION_KEY and ANNOTATION_VALUE represent a key-value pair of free-form text that can be attached to your Infra Manager deployments. For more information about the use and constraints of annotations and labels, see Annotations and labels.

gcloud CLI

This section describes how to work with a Terraform configuration that is stored in a Git repository.

Ensure that you have installed Git.
If your Terraform configuration is stored in a private Git repository, ensure your Git host and repository are connected to Cloud Build.

Deploy the configuration and create a revision:

gcloud infra-manager deployments apply projects/PROJECT_ID/locations/LOCATION/deployments/DEPLOYMENT_ID \
        --service-account projects/SERVICE_ACCOUNT_PROJECT_ID/serviceAccounts/SERVICE_ACCOUNT \
        --git-source-repo="GIT_REPO" \
        --git-source-directory="DIRECTORY" \
        --git-source-ref="REF" \
        --quota-validation=QUOTA_VALIDATION \
        --input-values=INPUT_1_NAME=VALUE,INPUT_2_NAME=VALUE \
        --tf-version-constraint=TERRAFORM_VERSION \
        --annotation="ANNOTATION_KEY=ANNOTATION_VALUE"

Replace:

PROJECT_ID: the project ID where Infra Manager runs.
LOCATION: the location where Infra Manager runs. See Infra Manager locations for the list of valid locations.
DEPLOYMENT_ID: the deployment identifier that you specify. See Deployment name for details about constraints on the deployment identifier.
SERVICE_ACCOUNT_PROJECT_ID is the project ID of the service account. It's common for this to be the same project where Infra Manager runs.
SERVICE_ACCOUNT: the name of the service account you use to call Infra Manager.
GIT_REPO: the Git repository.
DIRECTORY: the directory that has the Terraform configuration.
Optional: REF: the Git reference of the configuration. The reference is optional. If you don't specify the reference, the Git repository's default configured branch is used.
Optional: QUOTA_VALIDATION: the value that determines whether quota validation for resources in your Terraform configuration files is enabled or enforced when you create a deployment. Possible values include:
- ENABLED: Enable computing quota validation for resources in Terraform configuration files. Provides visibility on resources with insufficient quotas.
- ENFORCED: Enforce quota validation so that your deployment will fail if there isn't sufficient quota available for the infrastructure defined in your Terraform configuration file.
If QUOTA_VALIDATION is not defined, quota validation on Terraform configuration files will be disabled. This is the default value. Quota validation applies on limited Google Cloud resources. For more information, see Quotas and limits.
INPUT_1_NAME and INPUT_2_NAME: any input values in the Terraform configuration, including ones that are not defined by default. For example, you could specify the project where you deploy the resources as project_id=my-project.

If all input values are defined by default in the configuration, then this flag is optional.
Optional:TERRAFORM_VERSION: the version of Terraform for Infra Manager to use to create the deployment. See supported Terraform version for the list of supported versions. If you remove this optional flag, the latest supported version of Terraform is used.
Optional: ANNOTATION_KEY and ANNOTATION_VALUE represent a key-value pair of free-form text that can be attached to your Infra Manager deployments. For more information about the use and constraints of annotations and labels, see Annotations and labels.

gcloud CLI

This section describes how to work with a Terraform configuration that is stored on your local machine.

If you use Cloud Shell, then you need to upload the configuration to Cloud Shell. For details, see Manage files with Cloud Shell.

Deploy the configuration and create a revision:

gcloud infra-manager deployments apply projects/PROJECT_ID/locations/LOCATION/deployments/DEPLOYMENT_ID \
        --service-account projects/SERVICE_ACCOUNT_PROJECT_ID/serviceAccounts/SERVICE_ACCOUNT \
        --local-source="LOCAL_DIRECTORY" \
        --quota-validation=QUOTA_VALIDATION \
        --input-values=INPUT_1_NAME=VALUE,INPUT_2_NAME=VALUE \
        --tf-version-constraint=TERRAFORM_VERSION \
        --annotation="ANNOTATION_KEY=ANNOTATION_VALUE"

Replace:

PROJECT_ID: the project ID where Infra Manager runs.
LOCATION: the location where Infra Manager runs. See Infra Manager locations for the list of valid locations.
DEPLOYMENT_ID: the deployment identifier that you specify. See Deployment name for details about constraints on the deployment identifier.
SERVICE_ACCOUNT_PROJECT_ID is the project ID of the service account. It's common for this to be the same project where Infra Manager runs.
SERVICE_ACCOUNT: the name of the service account you use to call Infra Manager.
LOCAL_DIRECTORY: the local directory storing the Terraform configuration. If you are using Cloud Shell, this is the directory in Cloud Shell where the configuration is stored.
Optional: QUOTA_VALIDATION: the value that determines whether quota validation for resources in your Terraform configuration files is enabled or enforced when you create a deployment. Possible values include:
- ENABLED: Enable computing quota validation for resources in Terraform configuration files. Provides visibility on resources with insufficient quotas.
- ENFORCED: Enforce quota validation so that your deployment will fail if there isn't sufficient quota available for the infrastructure defined in your Terraform configuration file.
If QUOTA_VALIDATION is not defined, quota validation on Terraform configuration files will be disabled. This is the default value. Quota validation applies on limited Google Cloud resources. For more information, see Quotas and limits.
INPUT_1_NAME and INPUT_2_NAME: any input values in the Terraform configuration, including ones that are not defined by default. For example, you could specify the project where you deploy the resources as project_id=my-project.

If all input values are defined by default in the configuration, then this flag is optional.
Optional:TERRAFORM_VERSION: the version of Terraform for Infra Manager to use to create the deployment. See supported Terraform version for the list of supported versions. If you remove this optional flag, the latest supported version of Terraform is used.
Optional: ANNOTATION_KEY and ANNOTATION_VALUE represent a key-value pair of free-form text that can be attached to your Infra Manager deployments. For more information about the use and constraints of annotations and labels, see Annotations and labels.

What's next

Learn more about Terraform with Google Cloud.
Automate deployments.
View the state of a deployment.
View resources deployed.
Delete a deployment.