In this lab, we create a custom service account with granular IAM permissions, then use the service account when creating a Compute Engine instance that will run the WordPress blogging software connected to a Cloud SQL database.
Successfully complete this lab by achieving the following learning objectives:
- Create a Cloud SQL Instance
- Create a new Cloud SQL MySQL instance with the name wordpress-db.
- Generate a root password and note it for later.
- Make sure you have the Region set as us-central1 and the Zone as Any.
- Under Connectivity, tick Private IP.
- Enable Service Networking API.
- Untick Public IP to remove public IP connections from this instance.
- Change the machine type to db-g1-small.
- Create a Custom Service Account
- Create a new service account named wordpress-app.
- When prompted to Grant this service account access to project, type SQL in the Select a role box to search roles, then select Cloud SQL Client.
- Create the WordPress Instance on Compute Engine
- Create a new instance named wordpress.
- Set the Region to us-central1 (the console will choose a zone for you).
- Change the Machine type to e2-small.
- Have the instance deploy a container to the VM instance, and use the container wordpress.
- For our service account, make sure to select wordpress-app.
- Allow all HTTP traffic on the instance.
- Use the VM’s External IP link to see the WordPress language selection screen.
- Set Up WordPress and the Database
Before we configure WordPress, we must first create the database inside our new Cloud SQL instance.
- Take note of the private IP for our wordpress-db instance.
- Create a new database with the name wordpress.
Complete the rest of these steps in WordPress:
- Choose your preferred language, then on the next screen click Let’s go!.
- Update the connection details to match the following:
- Database name: wordpress
- Username: root
- Password: The root password you noted earlier.
- Database Host: The private IP you noted earlier.
- Table Prefix: wp_
- Run the installation.