Automating GCP User Creation with Terraform for Training Labs (Step-by-Step Guide) By EduArn

 

Automating GCP User Creation with Terraform (For Training & Lab Environments)

Managing users manually in Google Cloud for training programs doesn’t scale—especially when you’re handling 10, 50, or 100+ learners.

At eduarn.com, we faced the same challenge while delivering retail and corporate training with hands-on labs. The solution?

👉 Infrastructure as Code using Terraform

This post walks you through a practical, working approach to:

• Create multiple users (1 → N)
• Assign IAM roles (Coordinator / Trainer access)
• Attach users to groups
• Enable seamless lab access

---

🧠 Why This Matters for Training Companies

When running cloud labs:

• Every learner needs controlled access
• Permissions must be secure and temporary
• Manual setup = errors + delays

Using Terraform with Google Cloud Platform:
✔️ Automates onboarding
✔️ Ensures consistency
✔️ Reduces operational effort by 80%

---

⚙️ Architecture Overview

We follow this structure:

• Users (Google Workspace / Cloud Identity)
• Groups (e.g., training-batch@domain.com)
• IAM Roles (Viewer / Editor / Custom Coordinator Role)
• Terraform for automation

---

🛠️ Step 1: Prerequisites

1. GCP Project created
2. Billing enabled
3. Cloud Identity / Workspace configured
4. Install Terraform
5. Enable APIs:
   • Cloud Identity API
   • IAM API

---

📁 Step 2: Terraform Provider Setup

provider "google" {
  project = "your-project-id"
  region  = "us-central1"
}

provider "googleworkspace" {
  customer_id = "your-customer-id"
}

---

👥 Step 3: Create Users (1 → N)

Define users dynamically:

variable "users" {
  type = list(object({
    first_name = string
    last_name  = string
    email      = string
    password   = string
  }))
}

Example input:

users = [
  {
    first_name = "John"
    last_name  = "Doe"
    email      = "john@yourdomain.com"
    password   = "TempPass123!"
  },
  {
    first_name = "Jane"
    last_name  = "Smith"
    email      = "jane@yourdomain.com"
    password   = "TempPass123!"
  }
]

Create users:

resource "googleworkspace_user" "users" {
  for_each = { for user in var.users : user.email => user }

  primary_email = each.value.email
  password      = each.value.password

  name {
    given_name  = each.value.first_name
    family_name = each.value.last_name
  }
}

---

👨‍👩‍👧 Step 4: Create Group (Batch आधारित)

resource "googleworkspace_group" "training_group" {
  email       = "batch1@yourdomain.com"
  name        = "Training Batch 1"
  description = "Group for training participants"
}

---

➕ Step 5: Add Users to Group

resource "googleworkspace_group_member" "members" {
  for_each = googleworkspace_user.users

  group_id = googleworkspace_group.training_group.id
  email    = each.value.primary_email
  role     = "MEMBER"
}

---

🔐 Step 6: Assign IAM Role (Coordinator Access)

Example: Assign Viewer or Custom Role

resource "google_project_iam_binding" "binding" {
  project = "your-project-id"
  role    = "roles/viewer"

  members = [
    for user in googleworkspace_user.users :
    "user:${user.primary_email}"
  ]
}

👉 You can replace with:

• roles/editor
• roles/owner
• Custom Coordinator Role

---

▶️ Step 7: Run Terraform

terraform init
terraform plan
terraform apply

✅ Users created
✅ Group assigned
✅ IAM roles attached

---

🧪 Real Use Case: Training & Lab Providers

At eduarn.com, we use this model to:

✔️ Create users for each training batch
✔️ Assign controlled lab access
✔️ Integrate with LMS + cloud labs
✔️ Auto-expire or revoke access post training

---

🏢 Vendor & Corporate Training Model

For enterprise clients:

• Separate project per batch/client
• Group-based access control
• Temporary credentials
• Audit + tracking enabled

👉 Vendors get:

• Pre-configured environments
• No manual setup
• Instant lab readiness

---

🎯 Best Practices

✔️ Use groups instead of individual IAM assignments
✔️ Implement least privilege access
✔️ Rotate or expire credentials
✔️ Use separate projects for isolation
✔️ Automate cleanup after training

---

💡 Final Thought

The future of training is not just content—it’s experience + infrastructure.

If you can:

• Deliver training
• Provide hands-on labs
• Automate onboarding

👉 You create a premium learning ecosystem

That’s exactly what we’re building at eduarn.com—bridging learning + real-world practice at scale.

---

If you want a ready-to-use Terraform repo or lab architecture for your training company, feel free to connect.

#Terraform #GCP #CloudTraining #DevOps #InfrastructureAsCode #EdTech #CorporateTraining #Eduarn