Terraform is an open-source infrastructure as code (IaC) tool created by HashiCorp. It allows us to define and provision infrastructure resources using a high-level configuration language known as HashiCorp Configuration Language (HCL), or optionally JSON. In this post, we will see a simple example where we'll be creating an EC2 instance in our AWS account.
Set up the AWS CLI
To configure the Terraform CLI to point to your AWS account, you need to set up AWS credentials and configure Terraform to use them. Here’s a step-by-step guide:1. Install the AWS CLI (Optional but Recommended)
- If you don't have the AWS CLI installed, check out this post. This will allow you to easily configure your AWS credentials.
- Install it using the package manager for your OS (e.g.,
brew install awscli
for macOS,sudo apt-get install awscli
for Ubuntu).
2. Configure AWS CLI
- Run the following command to set up your AWS credentials:
aws configure
- You'll be prompted to enter your AWS Access Key ID, AWS Secret Access Key, Default region name, and Default output format.
- This will create a credentials file located at
~/.aws/credentials
and a configuration file at~/.aws/config
.
3. Configure Terraform to Use AWS Credentials
There are several ways to configure Terraform to use your AWS credentials:Option 1: Use AWS CLI Credentials (Recommended)
- If you configured your credentials using the AWS CLI, Terraform will automatically pick them up.
- You don't need to do anything else if you are using the default profile. Terraform will use the credentials stored in
~/.aws/credentials
.
Option 2: Set Environment Variables
- You can set the AWS credentials directly as environment variables. Use the following commands:
export AWS_ACCESS_KEY_ID="your_access_key_id"
export AWS_SECRET_ACCESS_KEY="your_secret_access_key"
export AWS_DEFAULT_REGION="your_default_region"
- These environment variables will be used by Terraform to authenticate to your AWS account.
Option 3: Use a Terraform Provider Block
- You can explicitly define the AWS provider in your Terraform configuration file (
.tf
file):
provider "aws" {
access_key = "your_access_key_id"
secret_key = "your_secret_access_key"
region = "your_default_region"
}
- However, it's highly recommended to avoid hardcoding credentials in your configuration files for security reasons.
Install Terraform
- Download the appropriate Terraform binary package for your host (Linux 64-bit) using the
wget
command:
wget -c https://releases.hashicorp.com/terraform/0.13.4/terraform_0.13.4_linux_amd64.zip
- Unzip the downloaded file:
unzip terraform_0.13.4_linux_amd64.zip
- Place the Terraform binary in the
PATH
of the VM operating system so the binary is accessible system-wide to all users:
sudo mv terraform /usr/sbin/
- Check the Terraform version information:
terraform version
- Since the Terraform version is returned, you have validated that the Terraform binary is installed and working properly.
Get the info from your AWS account
For our terraform code we will need the following info from our AWS infra:The subnet id
- Go to your AWS console and open the VPC service
- On the left side bar click on Subnets and select the subnet where you’ll be creating the EC2 instance
- The Subnet ID should be in the details panel, below your list of subnets
The AMI id
- The Amazon Machine Image is the VM template that Amazon uses to create the EC2 instance. In this tutorial we’ll go for an Ubuntu v24.04 LTS. To get the ID, from the EC2 service page click on Launch an instance, pick up the AMI and we should find the AMI details on the right side.
Write our Terraform code
- Create a directory for our terraform code and cd into it
mkdir terraform
cd terraform
- Create a file called main.tf
vi main.tf
- Paste the following content
provider "aws" {
region = "eu-central-1"
}
resource "aws_instance" "vm" {
ami = "YOUR_AMI_ID"
subnet_id = "YOUR_SUBNET_ID"
instance_type = "t3.micro"
tags = {
Name = "my-terraform-ec2"
}
}
- Initialize the Terraform configuration and download the required providers:
terraform init
Test our code
Review the actions that will be performed when you deploy your code:terraform plan
1
resource: the EC2 instance you configured in your code. If you scroll up, you will notice that only the ami
, instance_type
, subnet_id
, and tags
properties are configured, as that was included in your code.Everything else, denoted with a
+
sign, will be created from scratch or will be populated when Terraform creates the resource upon deployment of your code.Deploy our code
Finally, deploy the code:terraform apply
Once the code has executed successfully, note in the output that
1
resource has been createdVerify that the resource was created correctly in the AWS Management Console.
Remove the EC2 from Terraform
One of the cool things about Terraform is that after we’re done with our infra we can quickly remove all the resources created by our script with just one command. For that, back in the CLI, type the command:terraform destroy
1
resource: the EC2 instance you just created.Note: You can also scroll through the rest of the plan output and view the properties of the resource that will be destroyed, if desired.
When prompted, type yes and press Enter.
In the notifications displayed in the CLI, note that the
aws_instance.vm
resource you created is now being destroyed.In the AWS Management Console, click the refresh button inside the Instances page and verify that the
my-terraform-ec2
instance no longer appears in the list.