Before we start, let me talk briefly about each tool and what it is used for:
- Terraform is an Infrastructure as Code (IaC) tool from HashiCorp that automates the provisioning, updating, and destruction of infrastructure resources.
- AWS is a cloud computing platform. AWS offers a wide range of cloud services, including compute, storage, networking, analytics, and AI.
Let's start
Install Terraform
Here we use Ubuntu, so we follow the official guide, Install Terraform - Ubuntu
sudo wget -O - https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(grep -oP '(?<=UBUNTU_CODENAME=).*' /etc/os-release || lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform
Then run terraform -v
Terraform v1.11.4
on linux_amd64
Your version of Terraform is out of date! The latest version
is 1.12.1. You can update by downloading from https://developer.hashicorp.com/terraform/install
Install AWS CLI
We can just follow the official instructions, Install AWS CLI
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
Then run aws --version
aws-cli/2.27.30 Python/3.13.3 Linux/6.11.0-26-generic exe/x86_64.ubuntu.24
Setup AWS Profile
We need to create the access key in AWS first.
Go to AWS Console > IAM > Users and click the user (create one if there is none)
Click on Security credentials, scroll down and click Create access key
Click Command Line Interface (CLI) > Next > Copy or Download the key (Access key and Secret access key) > Done
Config AWS Credentials
Type aws configure in the terminal to configure AWS credentials via the CLI, then paste the Access Key and Secret Access Key.
To verify that you set it up correctly, you can type aws configure list
Terraform Configuration
Create main.tf and configure the AWS provider as in the document AWS Provider
# main.tf
# We strongly recommend using the required_providers block to set the
# AWS Provider source and version being used
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# Configure the AWS Provider
provider "aws" {
  region = "us-east-1"
}

# Create a VPC
resource "aws_vpc" "example" {
  cidr_block = "10.0.0.0/16"
}
Type terraform init to initialize the backend.
Then, type terraform validate to validate the code.
Next, we run terraform plan. This compares the actual state with the desired state and shows what the config will do.
Finally, run terraform apply to apply the config to AWS.
Terraform also allows you to modify the config code.
# Add name to vpc
resource "aws_vpc" "example" {
  tags = {
    Name = "example-vpc"
  }
  cidr_block = "10.0.0.0/16"
}
Type terraform validate, then terraform plan, then terraform apply
We can also destroy resources via the terraform destroy command.
Caution: terraform destroy will remove all resources that are mentioned in the config; you should modify the config and use terraform apply instead.
Common commands
- terraform init: to initialize the backend
- terraform fmt: to format the Terraform code
- terraform validate: to validate the Terraform code
- terraform plan: to compare the actual state and the desired state
- terraform apply: to apply changes to the actual infrastructure
- terraform destroy: to remove the resources from the cloud infrastructure
Best practice
- Manipulate state only through TF commands
- Remote State
- State Locking
- Back up State File
- Use 1 State per Environment
- Host TF code in Git repository
- CI for TF Code
- Execute TF only in an automated build
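The remote state, state locking, state backup and one-state-per-environment items above can be covered with an S3 backend. This is an added example, not part of the original post; the bucket name and state key are placeholders, and the bootstrap config is assumed to use the same provider block as main.tf above.

```hcl
# --- bootstrap/main.tf (applied once, separately, to create the state bucket) ---
# Bucket name is a placeholder (assumption); S3 bucket names must be globally unique.
resource "aws_s3_bucket" "tf_state" {
  bucket = "example-org-tf-state"
}

# Versioning keeps earlier state files, which serves as the state backup.
resource "aws_s3_bucket_versioning" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id
  versioning_configuration {
    status = "Enabled"
  }
}

# State can contain secrets in plain text: encrypt at rest and block public access.
resource "aws_s3_bucket_server_side_encryption_configuration" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

resource "aws_s3_bucket_public_access_block" "tf_state" {
  bucket                  = aws_s3_bucket.tf_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# --- main.tf of the project: put the backend inside the existing terraform block ---
terraform {
  backend "s3" {
    bucket       = "example-org-tf-state"  # placeholder, same bucket as above
    key          = "dev/terraform.tfstate" # one key per environment, e.g. prod/...
    region       = "us-east-1"
    encrypt      = true
    use_lockfile = true # S3-native state locking (Terraform 1.10 and later)
  }
}
```

After adding or changing the backend block, run terraform init again so Terraform can move the existing local state to the bucket.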
Leave a comment if you have any questions.