Allow SSH access to GCP VM instances provisioned with Terraform

Question

I'm trying to create VM instances on GCP using Terraform. Instances do get created but I can't seem to have SSH access to the instances. My tf file:

# Cloud Provider
provider "google" {
  version = "3.5.0"
  credentials = file("./terraform-service-account.json")
  project = "terraform-279210"
  region  = "us-central1"
  zone    = "us-central1-c"
}
# Virtual Private Network
resource "google_compute_network" "vpc_network" {
  name = "terraform-network"
}
# VM Instance
resource "google_compute_instance" "demo-vm-instance" {
  name         = "demo-vm-instance"
  machine_type = "f1-micro"
  tags         = ["demo-vm-instance"]
  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-9"
    }
  }
  metadata = {
    ssh-keys = "demouser:${file("./demouser.pub")}"
  }
  network_interface {
    network = google_compute_network.vpc_network.name
    access_config {
    }
  }
}

ssh -i demouser demouser@<vm-external-ip> returns

ssh: connect to host <vm-external-ip> port 22: Operation timed out

Looks like firewall rules block TCP connections through port 22 as nc -zv <vm-external-ip> 22 doesn't succeed.

Answer 1

Create firewall rules using following

resource "google_compute_firewall" "ssh-rule" {
  name = "demo-ssh"
  network = google_compute_network.vpc_network.name
  allow {
    protocol = "tcp"
    ports = ["22"]
  }
  target_tags = ["demo-vm-instance"]
  source_ranges = ["0.0.0.0/0"]
}