.

main.tf

@@ -11,9 +11,13 @@ module "network" {
 
 module "backend" {
   source = "./modules/backend"
-  startup_script = module.network.startup_script
+  sa_email = "example@project-id.iam.gserviceaccount.com"
+  image_name = "backend-image"
+  project_id = var.project_id
+  region = var.region
 }
 
+
 module "nat_gateway" {
   source = "./modules/network/nat_gateway"
   network_name = module.network.network_name

modules/backend/main.tf

@@ -1,56 +1,26 @@
-terraform {
-  required_providers {
-    google = {
-      source = "hashicorp/google"
-      version = "~> 3.5.0"
-    }
-  }
-}
+# modules/backend/main.tf
 
-provider "google" {
-  project = var.project_id
-  region  = var.region
+variable "project_id" {}
+variable "region" {}
+
+module "network" {
+  source = "../network"
 }
 
 resource "google_compute_instance" "backend" {
   name         = "backend"
-  machine_type = "n1-standard-1"
-  tags         = ["backend"]
+  machine_type = "f1-micro"
+  zone         = "${var.region}-b"
 
   boot_disk {
     initialize_params {
-      image = var.image_name
+      image = "debian-cloud/debian-9"
     }
   }
 
-  metadata_startup_script = file("${path.module}/startup-script.sh")
-
   network_interface {
-    network = google_compute_network.backend_network.self_link
-    access_config {
-      // Allocate a one-to-one NAT IP to allow SSH and HTTP access
-    }
+    network = module.network.network_name
   }
 
-  service_account {
-    email  = var.sa_email
-    scopes = ["userinfo-email", "compute-ro", "storage-ro"]
-  }
-}
-
-resource "google_compute_firewall" "backend_firewall" {
-  name    = "allow-backend-internal"
-  network = google_compute_network.backend_network.self_link
-
-  allow {
-    protocol = "tcp"
-    ports    = ["8081-8082"]
-  }
-
-  source_tags = ["backend"]
-  target_tags = ["backend"]
-}
-
-output "backend_ip" {
-  value = google_compute_instance.backend.network_interface[0].access_config[0].nat_ip
+  metadata_startup_script = module.network.startup_script
 }