GCP Infrastructure manager terraform for elastic-agent

[amirbenun]

Summary of your changes

Replaces deprecated GCP Deployment Manager with modern Infrastructure Manager (Terraform) for deploying Elastic Agent CSPM integration. Provides identical resources with improved tooling and user experience.

New Directory: deploy/infrastructure-manager/gcp-elastic-agent/ Files Added:

main.tf - Main infrastructure configuration (compute instance, network, service account, IAM bindings)
variables.tf - Input variable definitions
outputs.tf - Deployment outputs
service_account.tf - Standalone service account deployment for agentless mode
terraform.tfvars.example - Example configuration for main deployment
service_account.tfvars.example - Example configuration for SA-only deployment
README.md - Comprehensive deployment guide

Resources Created

Identical to Deployment Manager implementation:
Compute instance (Ubuntu, n2-standard-4, 32GB disk) with Elastic Agent pre-installed
Service account with roles/cloudasset.viewer and roles/browser
VPC network with auto-created subnets
IAM bindings (project or organization scope)
Optional SSH firewall rule

Compatibility

The new deployment script infrastructure-manager/deploy.sh is compatible with kibana deployment command of the form:

gcloud config set project elastic-security-test && \
FLEET_URL=https://a6f784d2fb4d48bea7724fbe41ef17d3.fleet.us-central1.gcp.qa.elastic.cloud:443 \
ENROLLMENT_TOKEN=<REDUCTED> \
STACK_VERSION=9.2.3 \
./deploy.sh

Related Issues

• Resolves: Replace GCP deployment-manager scripts with infrastructure-manager #3132

[mergify]

This pull request does not have a backport label. Could you fix it @amirbenun? 🙏
To fixup this pull request, you need to add the backport labels for the needed
branches, such as:

• backport-v./d./d./d is the label to automatically backport to the 8./d branch. /d is the digit
• backport-active-all is the label that automatically backports to all active branches.
• backport-active-8 is the label that automatically backports to all active minor branches for the 8 major.
• backport-active-9 is the label that automatically backports to all active minor branches for the 9 major.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[amirbenun]

A common failure is when the artifacts server is not configured well, I tested this use case to create a good user experience and surface the error to the GCP cloudshell and console:

[olegsu]

Suggested change

	1. Go to [Infrastructure Manager Console](https://console.cloud.google.com/infrastructure-manager/deployments/create)
	1. Go to [Infrastructure Manager Console](https://console.cloud.google.com/infra-manager/deployments/create)

[olegsu]

Infrastructure manager requires the values to be in JSON format. Can you clarify in the example how to pass it?

[amirbenun]

That's a strange behavior on their UI but string values should be wrapped with ""

[olegsu]

This URL leads to 404 (after I change the branch and the repo owner), any idea why?
(the url in [elastic/integrations](https://github.com/elastic/integrations/blob/main/packages/cloud_security_posture/manifest.yml#L172C22-L172C235 is a bit different)

[amirbenun]

Can you try setting my branch and my repo instead?
https://github.com/amirbenun/cloudbeat.git
infra-manager-agent

This link works for me
https://shell.cloud.google.com/cloudshell/editor?cloudshell_git_repo=https://github.com/amirbenun/cloudbeat.git&cloudshell_git_branch=infra-manager-agent&cloudshell_workspace=deploy/infrastructure-manager/gcp-elastic-agent&show=terminal&ephemeral=true