Ds terraform intel gcm linux tdx vm

README.md

@@ -266,9 +266,11 @@ No modules.
 | <a name="input_boot_image_family"></a> [boot\_image\_family](#input\_boot\_image\_family) | The image from which to initialize this disk | `string` | `"ubuntu-2204-lts"` | no |
 | <a name="input_boot_image_project"></a> [boot\_image\_project](#input\_boot\_image\_project) | The ID of the project in which the source image resides. | `string` | `"ubuntu-os-cloud"` | no |
 | <a name="input_can_ip_forward"></a> [can\_ip\_forward](#input\_can\_ip\_forward) | Conditional that allows sending and receiving of packets with non-matching source or destination IPs. | `bool` | `false` | no |
+| <a name="input_confidential_instance_type"></a> [confidential\_instance\_type](#input\_confidential\_instance\_type) | n/a | `string` | `null` | no |
 | <a name="input_deletion_protection"></a> [deletion\_protection](#input\_deletion\_protection) | Enable deletion protection on this instance | `bool` | `false` | no |
 | <a name="input_description"></a> [description](#input\_description) | A brief description of this resource | `string` | `"Intel accelerated virtual machine."` | no |
 | <a name="input_desired_status"></a> [desired\_status](#input\_desired\_status) | Desired status of the instance. | `string` | `"RUNNING"` | no |
+| <a name="input_enable_confidential_compute"></a> [enable\_confidential\_compute](#input\_enable\_confidential\_compute) | n/a | `bool` | `false` | no |
 | <a name="input_enable_integrity_monitoring"></a> [enable\_integrity\_monitoring](#input\_enable\_integrity\_monitoring) | Compare the most recent boot measurements to the integrity policy baseline and return a pair of pass/fail results depending on whether they match or not. | `bool` | `true` | no |
 | <a name="input_enable_nested_virtualization"></a> [enable\_nested\_virtualization](#input\_enable\_nested\_virtualization) | Boolean that specifies if nested virtualization should be enabled or disabled on the instance. | `bool` | `false` | no |
 | <a name="input_enable_secure_boot"></a> [enable\_secure\_boot](#input\_enable\_secure\_boot) | Verify the digital signature of all boot components, and halt the boot process if signature verification fails. | `bool` | `false` | no |

examples/gcp-linux-tdx-vm/README.md

@@ -0,0 +1,64 @@
+<p align="center">
+  <img src="https://github.com/intel/terraform-intel-gcp-vm/blob/main/images/logo-classicblue-800px.png?raw=true" alt="Intel Logo" width="250"/>
+</p>
+
+# Intel Cloud Optimization Modules for Terraform
+
+© Copyright 2023, Intel Corporation
+
+## Intel GCP VM on default network
+
+This module creates a Intel Confiddential Compute Linux VM on the default network with Intel Xeon 4th Generation Scalable processors (code-named Sapphire Rapids) VM with Confidential Computing and Intel Trust Domain Extension (Intel TDX) technology.  
+
+Update the project with a your project id in GCP. It is located on the variables.tf file under this example folder for "GCP-Linux-VM"
+
+## Usage
+
+**See examples folder for complete examples.**
+
+variables.tf
+
+```hcl
+variable "project" {
+  type        = string
+  description = "The ID of the project in which the resource resides."
+}
+```
+
+main.tf
+```hcl
+# You will need to provide value of the variable project, which is your GCP project id when you do terraform apply
+
+module "linux_vm" {
+  source              = "intel/gcp-vm/intel"
+    project             = var.project
+    name                = "intel-tdx-linux01"
+
+ #required for Intel Confidential Compute VM with TDX
+ enable_confidential_compute = var.enable_confidential_compute
+ confidential_instance_type  = var.confidential_instance_type
+ on_host_maintenance = "TERMINATE"
+
+ access_config = [{
+    nat_ip                 = null
+    public_ptr_domain_name = null
+    network_tier           = "PREMIUM"
+  }, ]
+}
+```
+
+
+
+Run Terraform
+
+```hcl
+terraform init  
+terraform plan
+terraform apply -var="project=<your_your_gcp_project_id>" 
+```
+
+## Considerations
+Add additional considerations here:
+- The GCP zone can be updated in the providers.tf file under this example folder for "GCP-Linux-VM"
+- Update the project with a your project id in GCP. It is located on the variables.tf file under this example folder for "GCP-Linux-VM"
+- The VM is created using the default network in the GCP zone configured in the providers.tf file. Please make sure you have a default network in the GCP zone of your choice

examples/gcp-linux-tdx-vm/main.tf

@@ -0,0 +1,26 @@
+# --------------------------------------------------------
+#                     _       _       _
+#                    (_)     | |     | |
+#                     _ _ __ | |_ ___| |
+#                    | | '_ \| __/ _ \ |
+#                    | | | | | ||  __/ |
+#                    |_|_| |_|\__\___|_|
+# --------------------------------------------------------
+# Provision GCP virtual machine on Intel Xeon 4th Generation Scalable processors (code-named Sapphire Rapids) VM which supports Confidential Computing with Intel Trust Domain Extension (Intel TDX) technology
+# You will need to provide value of the variable project, which is your GCP project id when you do terraform apply
+module "linux_vm" {
+  source              = "intel/gcp-vm/intel"
+    project             = var.project
+    name                = "intel-tdx-linux01"
+
+ #required for Intel Confidential Compute VM with TDX
+ enable_confidential_compute = var.enable_confidential_compute
+ confidential_instance_type  = var.confidential_instance_type
+ on_host_maintenance = "TERMINATE"
+
+ access_config = [{
+    nat_ip                 = null
+    public_ptr_domain_name = null
+    network_tier           = "PREMIUM"
+  }, ]
+}

examples/gcp-linux-tdx-vm/outputs.tf

@@ -0,0 +1,62 @@
+output "cpu_platform" {
+  value       = module.linux_vm.cpu_platform
+  description = "The CPU platform of the VM instance"
+}
+
+output "current_status" {
+  value       = module.linux_vm.current_status
+  description = "Current status of the VM instance"
+}
+
+output "id" {
+  value       = module.linux_vm.id
+  description = "An identifier for the resource"
+}
+
+output "instance_id" {
+  value       = module.linux_vm.instance_id
+  description = "The server-assigned unique identifier of this instance"
+}
+
+output "machine_type" {
+  value       = module.linux_vm.machine_type
+  description = "Type of the machine created"
+}
+
+output "min_cpu_platform" {
+  value       = module.linux_vm.min_cpu_platform
+  description = "Minimum CPU platform for the VM instance"
+}
+
+output "name" {
+  value       = module.linux_vm.name
+  description = "Unique name of the instance created"
+}
+
+output "self_link" {
+  value       = module.linux_vm.self_link
+  description = "The URI of the created resource"
+}
+
+output "boot_disk_size" {
+  value       = module.linux_vm.boot_disk_size
+  description = "Size of the boot disk of the instance"
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

examples/gcp-linux-tdx-vm/providers.tf

@@ -0,0 +1,3 @@
+provider "google" {
+  zone = "us-central1-a"
+}

examples/gcp-linux-tdx-vm/variables.tf

@@ -0,0 +1,17 @@
+variable "project" {
+  type        = string
+  description = "The ID of the project in which the resource resides."
+}
+
+#required for Intel Confidential Compute VM with TDX
+variable "enable_confidential_compute" {
+  description = "Enable confidential computing"
+  type        = bool
+  default     = true
+}
+
+variable "confidential_instance_type" {
+  description = "Type of confidential instance"
+  type        = string
+  default     = "TDX"
+}

main.tf

@@ -63,6 +63,12 @@ resource "google_compute_instance" "instance" {
     }
   }
 
+ #Required for optional Intel Confidential Compute with TDX
+confidential_instance_config {
+    enable_confidential_compute = var.enable_confidential_compute
+    confidential_instance_type  = var.confidential_instance_type
+  }
+
   # Networking
   can_ip_forward = var.can_ip_forward
   network_interface {

variables.tf

@@ -285,4 +285,14 @@ variable "user_data" {
   type        = string
   description = "User data to be placed on the instance. Used to place cloud-init on VMs"
   default     = null
+}
+
+variable "enable_confidential_compute" {
+  type    = bool
+  default = false
+}
+
+variable "confidential_instance_type" {
+  type    = string
+  default = null
 }