How to create a VPC in AWS with Terraform

Terraform is an open-source infrastructure as code (IaC) tool created by HashiCorp. It allows us to define and provision infrastructure resources using a high-level configuration language known as HashiCorp Configuration Language (HCL), or optionally JSON. In this post, we will see a simple example where we'll be creating a VPC in our AWS account. 

Set up the AWS CLI

To configure the Terraform CLI to point to your AWS account, you need to set up AWS credentials and configure Terraform to use them. Here’s a step-by-step guide:

1. Install the AWS CLI (Optional but Recommended)

  • If you don't have the AWS CLI installed, check out this post. This will allow you to easily configure your AWS credentials.
  • Install it using the package manager for your OS (e.g., brew install awscli for macOS, sudo apt-get install awscli for Ubuntu).

2. Configure AWS CLI

  • Run the following command to set up your AWS credentials:
aws configure
  • You'll be prompted to enter your AWS Access Key ID, AWS Secret Access Key, Default region name, and Default output format.
  • This will create a credentials file located at ~/.aws/credentials and a configuration file at ~/.aws/config.

3. Configure Terraform to Use AWS Credentials

There are several ways to configure Terraform to use your AWS credentials:


Option 1: Use AWS CLI Credentials (Recommended)

  • If you configured your credentials using the AWS CLI, Terraform will automatically pick them up.
  • You don't need to do anything else if you are using the default profile. Terraform will use the credentials stored in ~/.aws/credentials.


Option 2: Set Environment Variables

  • You can set the AWS credentials directly as environment variables. Use the following commands:
export AWS_ACCESS_KEY_ID="your_access_key_id"
export AWS_SECRET_ACCESS_KEY="your_secret_access_key"
export AWS_DEFAULT_REGION="your_default_region"
  • These environment variables will be used by Terraform to authenticate to your AWS account.


Option 3: Use a Terraform Provider Block

  • You can explicitly define the AWS provider in your Terraform configuration file (.tf file):
provider "aws" {
  access_key = "your_access_key_id"
  secret_key = "your_secret_access_key"
  region     = "your_default_region"
}
  • However, avoid hardcoding credentials in your configuration files: .tf files are normally committed to version control, where the keys become readable by anyone with access to the repository.
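As an added example (not part of the original post), the shell function below scans a directory of .tf files for the pattern shown in Option 3, access_key or secret_key assigned a quoted literal, and can be run before committing. The names find_hardcoded_aws_creds and demo, and the sample file, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reports access_key / secret_key
# arguments set to a quoted literal in *.tf files under a directory.
# Prints file:line and the argument name only, never the value, so the
# report does not copy the secret into terminal or CI logs.
# Returns 1 if anything was found, 0 otherwise.
find_hardcoded_aws_creds() {
  dir="${1:-.}"
  hits=$(find "$dir" -type f -name '*.tf' -exec awk '
    # Optional "#" or "//" prefix: a commented-out key is still in the repo.
    /^[ \t]*([#]|\/\/)?[ \t]*(access_key|secret_key)[ \t]*=[ \t]*"/ {
      value = $0
      sub(/^[^"]*"/, "", value)      # drop everything up to the opening quote
      sub(/".*$/, "", value)         # drop the closing quote and what follows
      # "${var.x}" is a reference to a variable, not a literal secret.
      if (value ~ /^[$][{][^}]*[}]$/) next
      name = $0
      sub(/[ \t]*=.*$/, "", name)    # keep only the text before "="
      sub(/^.*[ \t#\/]/, "", name)   # strip indentation and comment prefix
      printf "%s:%d: %s is set to a literal\n", FILENAME, FNR, name
    }' {} +)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# Constructed sample input: the provider block from Option 3, written to a
# temporary directory and scanned.
demo() {
  tmp=$(mktemp -d) || return 1
  cat > "$tmp/main.tf" <<'EOF'
provider "aws" {
  access_key = "your_access_key_id"
  secret_key = "your_secret_access_key"
  region     = "your_default_region"
}
EOF
  status=0
  find_hardcoded_aws_creds "$tmp" || status=$?
  rm -rf "$tmp"
  return "$status"
}

demo || echo "demo: literal credentials found in the constructed sample"
```

Values written as var.name or "${var.name}" are treated as references and are not reported; the non-zero return code lets a pre-commit hook or CI step block the change.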


Install Terraform

Download the appropriate Terraform binary package for your host (Linux 64-bit) using the wget command:
wget -c https://releases.hashicorp.com/terraform/0.13.4/terraform_0.13.4_linux_amd64.zip

Unzip the downloaded file:

unzip terraform_0.13.4_linux_amd64.zip

Place the Terraform binary in a directory on the PATH of the VM operating system so that it is accessible system-wide to all users:
sudo mv terraform /usr/sbin/

Check the Terraform version information:

terraform version

Since the Terraform version is returned, you have validated that the Terraform binary is installed and working properly.



Write our Terraform code

  • Create a directory for our Terraform code and cd into it:
mkdir terraform
cd terraform
  • Create a file called main.tf
vi main.tf
  • Paste the following content
provider "aws" {
  region = "eu-central-1"
}

resource "aws_vpc" "my-terraform-vpc" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags = {
    Name        = "my-terraform-vpc"
    environment = "dev"
  }
}

  • Initialize the Terraform configuration and download the required providers:
terraform init


Test our code

Review the actions that will be performed when you deploy your code:
terraform plan


In this case, it will create 1 resource: the VPC you configured in your code. Notice that only the cidr_block, enable_dns_hostnames, enable_dns_support and tags properties are configured, as those are the ones included in your code.
Everything else, denoted with a + sign, will be created from scratch or populated when Terraform creates the resource upon deployment of your code.

Deploy our code

Finally, deploy the code:
terraform apply
When prompted, type yes and press Enter.
Once the code has executed successfully, note in the output that 1 resource has been created.
Verify that the resource was created correctly in the AWS Management Console.

Remove the VPC from Terraform

One of the cool things about Terraform is that once we're done with our infra, we can quickly remove all the resources created by our script with just one command. To do that, back in the CLI, type the command:
terraform destroy
In the plan output, notice that it will destroy 1 resource: the VPC you just created.
Note: You can also scroll through the rest of the plan output and view the properties of the resource that will be destroyed, if desired.
When prompted, type yes and press Enter.

In the AWS Management Console, click the refresh button on the VPCs page and verify that my-terraform-vpc no longer appears in the list.
