DEV Community

Brian Mengo
Brian Mengo

Posted on

Terraform AWS Provider

#devops #aws #terraform #infrastructureascode

How Terraform Talks to the Cloud
We begin with an introductory concept of Terraform providers, which is basically a plugin bridging Terraform and cloud providers.
Providers translate Terraform's HCL (HashiCorp Configuration Language) code into API calls understood by cloud platforms like AWS, Azure, or GCP.
When provisioning a resource (e.g., an AWS S3 bucket), Terraform interacts with the cloud provider’s API via the corresponding provider plugin.

Role and Function of Terraform Providers

The provider plugin is responsible for translating Terraform’s configuration into API requests for the target service.
Terraform providers thus enable infrastructure as code by connecting declarative Terraform files with underlying API operations.

Types of Terraform Providers

There are three main categories of Terraform providers:

  1. Official providers: Maintained by the cloud providers themselves (e.g., AWS, Azure, GCP).
  2. Partner providers: Maintained by third-party organisations, not the cloud providers directly.
  3. Community providers: Maintained by the open-source community. Providers can target cloud APIs or other services such as Docker, Kubernetes, Prometheus, and Grafana.

Exploring Terraform AWS Provider Documentation

Users are encouraged to visit the official Terraform AWS provider page on the Terraform Registry (registry.terraform.io).
This page lists all AWS services supported by the provider, enabling provisioning across a broad range of AWS infrastructure components.

Importance of Version Locking and Compatibility

  • Using the latest Terraform or provider versions by default can cause compatibility issues if your Terraform code is not tested against those versions.
  • Version locking ensures stability by using the tested combination of Terraform core and provider versions.
  • Upgrading versions should be done cautiously: test in non-production environments before applying to production.

Understanding Version Constraints and Operators
Terraform supports several operators for version constraints:
Operator Meaning;

= Exact version match only
!= Excludes the specified version
<, <= Allows versions less than (or equal to) the specified version
>, >= Allows versions greater than (or equal to) the specified version
~> (Tilde Greater Than) Allows patch-level updates within the specified minor version (e.g., ~> 6.7.0 allows any version >= 6.7.0 but < 6.8.0)

The tilde operator ~> is commonly used to allow patch upgrades without crossing minor or major version boundaries, preserving compatibility.
Examples:
~> 6.7.0 allows versions 6.7.1, 6.7.2, etc., but not 6.8.0.
~> 1.0 allows versions 1.1, 1.2, etc., but not 2.0.

Creating a Basic Terraform Provider Configuration

# Configure the AWS Provider
provider "aws" {
  region = "us-east-1"
}

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 6.0"
    }
  }
}

# Create a VPC
resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"
}
Enter fullscreen mode Exit fullscreen mode

This Terraform code tells Terraform to use the AWS provider and makes sure it uses a stable version of it. It then sets the AWS region to us-east-1, which means all resources will be created in that location. Finally, the code creates a VPC, which is like a private network inside AWS where you can later add servers, subnets, and other resources.

Terraform Init

  • Running terraform init or tf init downloads the necessary provider plugins and initialises Terraform in the working directory.
  • The provider plugin is downloaded automatically based on the system OS (Mac, Windows, Linux).
  • This step prepares Terraform to interact with the configured provider APIs.

Running terraform plan and Understanding its Output

terraform plan compares the current Terraform configuration with the real infrastructure state.
The plan shows which resources will be created, changed, or destroyed.

Authentication with AWS CLI
Terraform requires valid AWS credentials to interact with AWS services.
The simplest authentication method is running aws configure (AWS CLI tool) to input:

  • AWS Access Key ID
  • AWS Secret Access Key
  • Default region These credentials can be generated from the AWS Management Console under IAM users, with appropriate permissions (e.g., S3 full access). Credentials stored by AWS CLI are then used by Terraform automatically.

Best Practices I Learned
✔ Always specify provider versions
Never rely on defaults.

✔ Use version ranges (not just exact versions)
Keeps things safe but flexible.

✔ Test upgrades in a lower environment
Never update versions directly in production.

✔ Use terraform providers lock
It creates a .terraform.lock.hcl file to ensure consistent builds.

This makes your infrastructure “version-proof”.

Top comments (0)