The latest articles on DEV Community by Jay Panchal (@jaypnchl). https://dev.to/jaypnchl https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1894439%2F127aa068-d04a-46fc-bcf2-2503a5268e9e.jpg https://dev.to/jaypnchl en Jay Panchal Sun, 11 Aug 2024 06:59:29 +0000 https://dev.to/jaypnchl/managing-aws-infrastructure-with-terraform-a-step-by-step-guide-19pf https://dev.to/jaypnchl/managing-aws-infrastructure-with-terraform-a-step-by-step-guide-19pf <h3> Introduction </h3> <p>In this article, we will use Terraform to manage AWS infrastructure. By the end of this article, you will be able to create and manage AWS resources such as VPCs, subnets, and EC2 instances, and automate the process of setting up and tearing down your infrastructure.</p> <h3> Prerequisites: </h3> <ol> <li>Terraform is installed on your system <ul> <li>If not installed, you can refer to this <a href="https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli" rel="noopener noreferrer">documentation</a>.</li> </ul> </li> <li>AWS Account <ul> <li>Most of the resources created are available with a free tier subscription.</li> <li>To create AWS account, you can refer to this <a href="https://aws.amazon.com/resources/create-account/" rel="noopener noreferrer">documentation</a>.</li> </ul> </li> </ol> <h3> Sections: </h3> <ol> <li>Terraform Basics (required for this project)</li> <li>Initialize Terraform with AWS Provider</li> <li>Creating necessary resources to allow SSH to AWS EC2 instance</li> <li>SSH to AWS EC2 instance</li> <li>Destroy all resources</li> </ol> <h3> 1. Terraform Basics </h3> <p>In this section, We will look at</p> <ol> <li>Provider Block</li> <li>Initialize Terraform</li> <li>Resource Block</li> <li>Plan and Apply Resource</li> <li>Destroy Resource</li> </ol> <p><strong>1.1. Provider Block</strong></p> <p>The Provider Block allows us to download code for specific resource providers as per our needs, making Terraform a lightweight and quick-to-setup IaC tool.</p> <p>Let’s look at base structure of provider block:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">provider</span> <span class="dl">"</span><span class="s2">provider-name</span><span class="dl">"</span> <span class="p">{</span> <span class="p">...</span> <span class="p">}</span> </code></pre> </div> <ul> <li> <code>provider</code> - is a keyword that helps terraform identify the type of block.</li> <li> <code>provider-name</code> - determines which provider to be used. You can find all providers <a href="https://registry.terraform.io/browse/providers" rel="noopener noreferrer">here</a>.</li> </ul> <p><strong>1.2. Initialize Terraform</strong></p> <p>After mentioning all providers inside tf script, run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">terraform</span> <span class="nx">init</span> </code></pre> </div> <p>This will look for all providers and download the code so Terraform can work with their APIs.</p> <p><strong>1.3. Resource Block</strong></p> <p>Let’s look at base structure of resource block:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">resource</span> <span class="dl">"</span><span class="s2">provider_resource-name</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">name</span><span class="dl">"</span> <span class="p">{</span> <span class="p">...</span> <span class="p">}</span> </code></pre> </div> <ul> <li> <code>resource</code> - is a keyword that helps Terraform identify the type of block.</li> <li> <code>provider_resource-name</code> - the name of the resource we want to work with.</li> </ul> <p>For example, if we want to create VPC in AWS, as the provider name of AWS is “aws” and the resource name is “vpc” we will right it as:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_vpc</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">name</span><span class="dl">"</span> <span class="p">{</span> <span class="p">...</span> <span class="p">}</span> </code></pre> </div> <ul> <li> <code>name</code> - this name is used inside Terraform to uniquely identify the resource. The scope is only inside Terraform.</li> </ul> <p><strong>1.4. Plan and Apply Resource</strong></p> <p>After creating resources, run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">terraform</span> <span class="nx">plan</span> </code></pre> </div> <p>This will provide a detailed output of changes that will be done as per your current Terraform files.</p> <p>Its best practice to run this before applying the resources.</p> <p>After verifying the plan, proceed to apply it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">terraform</span> <span class="nx">apply</span> </code></pre> </div> <p>This will apply the changes and create resources. For us, AWS resources.</p> <p>To apply a specific resource, use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">terraform</span> <span class="nx">apply</span> <span class="o">--</span><span class="nx">target</span> <span class="nx">resouce</span><span class="p">.</span><span class="nx">name</span> <span class="nx">example</span><span class="p">:</span> <span class="nx">terraform</span> <span class="nx">destroy</span> <span class="o">--</span><span class="nx">target</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span> </code></pre> </div> <p>The above example will only apply the changes to <code>aws_vpc</code> resource named “vpc”.</p> <p><strong>1.5. Destroy Resource</strong></p> <p>If we want to destroy all resources, use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">terraform</span> <span class="nx">destroy</span> </code></pre> </div> <p>To destroy a specific resource, use:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">terraform</span> <span class="nx">destroy</span> <span class="o">--</span><span class="nx">target</span> <span class="nx">resource</span><span class="p">.</span><span class="nx">name</span> <span class="nx">example</span><span class="p">:</span> <span class="nx">terraform</span> <span class="nx">destroy</span> <span class="o">--</span><span class="nx">target</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span> </code></pre> </div> <p>The above example will only destroy the <code>aws_vpc</code> resource named “vpc”.</p> <h3> 2. Initialize Terraform with AWS Provider </h3> <p>In this section, we will:</p> <ol> <li>Create access_key from AWS Console.</li> <li>Initialize the AWS Provider.</li> </ol> <p><strong>2.1. Create an <code>access_key</code> from the AWS Console</strong></p> <ul> <li>Login to the AWS Console.</li> <li>Under your Profile &gt; Security credentials or go to <a href="https://us-east-1.console.aws.amazon.com/iam/home#/security_credentials" rel="noopener noreferrer">Security credentials page</a>.</li> <li> <p>Scroll till you see “Access keys” and click on “Create access key”.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6xxio06nma50nuzpsczp.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6xxio06nma50nuzpsczp.png" alt="access_keys" width="800" height="210"></a></p> </li> <li><p>If you see warning with “Root user access keys are not recommended”, click on the checkbox and create the access key.</p></li> <li><p>Download the .csv file and save it, as AWS will not show the secret key again on the Console for security reasons.</p></li> </ul> <p><strong>2.2. Initialize AWS Provider</strong></p> <ul> <li>Create a directory at your desired path, and create a <strong>providers.tf</strong> file inside it.</li> <li> <p>To add AWS provider, use Terraform’s provider block as shown below:<br> </p> <pre class="highlight jsx"><code><span class="nx">provider</span> <span class="dl">"</span><span class="s2">aws</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">region</span> <span class="o">=</span> <span class="dl">""</span> <span class="nx">access_key</span> <span class="o">=</span> <span class="dl">""</span> <span class="nx">secret_key</span> <span class="o">=</span> <span class="dl">""</span> <span class="p">}</span> </code></pre> <ul> <li> <code>region</code> - add the region based on your location as preferred by AWS.</li> <li> <code>access_key</code> &amp; <code>secret_key</code> - add the access key and secret key from the .csv file.</li> </ul> <p>There are multiple ways to add AWS access keys in Terraform. Here we are adding it directly in our Terraform file (not recommended).</p> <p>To read about different ways to add AWS access keys in Terraform, refer to this <a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs" rel="noopener noreferrer">documentation</a>.</p> </li> <li> <p>Open terminal, change directory to the one with the <strong>providers.tf</strong> file, and run:<br> </p> <pre class="highlight jsx"><code><span class="nx">terraform</span> <span class="nx">init</span> </code></pre> <p>This will download the necessary code required to use AWS APIs from Terraform.</p> <p>You should see an output like this:</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyto6ygqg48wfflxcsrgn.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fyto6ygqg48wfflxcsrgn.png" alt="terraform init" width="800" height="456"></a></p> </li> </ul> <h3> 3. Creating Necessary Resources to Allow SSH to AWS EC2 Instance </h3> <p>In this section, we will create the following resources:</p> <ol> <li> <code>aws_vpc</code> - a Virtual Private Cloud/Network in which all our resources will be hosted.</li> <li> <code>aws_subnet</code> - a smaller chunk of network in which we will host our EC2 instance.</li> <li> <code>aws_internet_gateway</code> - it will allow traffic between EC2 instance and the Internet.</li> <li> <code>aws_route_table</code> - a set of rules for routing traffic from the subnet.</li> <li> <code>aws_route_table_association</code> - to associate the route table with the subnet.</li> <li> <code>aws_security_group</code> - a set of rules that determine which traffic is allowed from and to the EC2 instance.</li> <li> <code>aws_key_pair</code> - allows SSH to the EC2 instance.</li> <li> <code>aws_instance</code> - AWS EC2 instance.</li> </ol> <p>We will create all this resources in a separate file. Create a file named main.tf inside the same folder.</p> <blockquote> <p>💡 Make sure to apply resources and verify them in the AWS Console after each resource creation.</p> </blockquote> <p><strong>3.1. Creating <code>aws_vpc</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_vpc</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">vpc-dev</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">cidr_block</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">10.0.0.0/16</span><span class="dl">"</span> <span class="nx">tags</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">dev</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <ul> <li> <code>cidr_block</code> - to determine the range of network.</li> <li> <code>tags</code> - add tags to resources for unique identification. This tag will show in the AWS Console.</li> </ul> <blockquote> <p>💡 If you want to ‘terraform apply’ without the prompt, use:</p> <pre class="highlight jsx"><code><span class="nx">terraform</span> <span class="nx">apply</span> <span class="o">-</span><span class="nx">auto</span><span class="o">-</span><span class="nx">approve</span> </code></pre> </blockquote> <p><strong>3.2. Creating <code>aws_subnet</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_subnet</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">subnet-dev</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">vpc_id</span> <span class="o">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span><span class="o">-</span><span class="nx">dev</span><span class="p">.</span><span class="nx">id</span> <span class="nx">cidr_block</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">10.0.0.0/24</span><span class="dl">"</span> <span class="nx">map_public_ip_on_launch</span> <span class="o">=</span> <span class="kc">true</span> <span class="nx">availability_zone</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ap-southeast-2a</span><span class="dl">"</span> <span class="nx">tags</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">dev</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <ul> <li> <p><code>vpc_id</code> - used to identify the VPC in which our subnet will be created.</p> <p>To view this <code>vpc_id</code> use:<br> </p> <pre class="highlight jsx"><code><span class="nx">terraform</span> <span class="nx">state</span> <span class="nx">show</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span><span class="o">-</span><span class="nx">dev</span> </code></pre> <p>From the output, you will see <code>id = “&lt;some id&gt;”</code>.</p> </li> <li><p><code>cidr_block</code> - to determine the range of subnet.</p></li> <li><p><code>map_public_ip_on_launch</code> - assign a public IP to the instance launched inside this subnet.</p></li> <li><p><code>availability_zone</code> - determines the specific zone in which to deploy the subnet. You can use the region you specified in the provider and add “a” at the end of it.</p></li> </ul> <p><strong>3.3. Creating <code>aws_internet_gateway</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_internet_gateway</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">igw</span><span class="dl">"</span><span class="p">{</span> <span class="nx">vpc_id</span> <span class="o">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span><span class="o">-</span><span class="nx">dev</span><span class="p">.</span><span class="nx">id</span> <span class="nx">tags</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">dev</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p>💡 Keep applying resources and check in the AWS Console.</p> </blockquote> <p><strong>3.4. Creating <code>aws_route_table</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_route_table</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">route-table-dev</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">vpc_id</span> <span class="o">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span><span class="o">-</span><span class="nx">dev</span><span class="p">.</span><span class="nx">id</span> <span class="nx">route</span> <span class="p">{</span> <span class="nx">cidr_block</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">0.0.0.0/0</span><span class="dl">"</span> <span class="nx">gateway_id</span> <span class="o">=</span> <span class="nx">aws_internet_gateway</span><span class="p">.</span><span class="nx">igw</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> <span class="nx">tags</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">dev</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <ul> <li> <code>route</code> block - allows specify different routes (IPv4, IPv6). In the above example, the route block will allow all IPv4 traffic from the <code>igw</code> Internet Gateway.</li> </ul> <p><strong>3.5. Creating <code>aws_route_table_association</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_route_table_association</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">rta</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">subnet_id</span> <span class="o">=</span> <span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">subnet</span><span class="o">-</span><span class="nx">dev</span><span class="p">.</span><span class="nx">id</span> <span class="nx">route_table_id</span> <span class="o">=</span> <span class="nx">aws_route_table</span><span class="p">.</span><span class="nx">route</span><span class="o">-</span><span class="nx">table</span><span class="o">-</span><span class="nx">dev</span><span class="p">.</span><span class="nx">id</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p>💡 All the resources related to VPC - vpc, subnet, route tables, internet gateways, security groups will be shown under the VPC Dashboard in the AWS Console.</p> </blockquote> <p><strong>3.6. Creating <code>aws_security_group</code></strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_security_group</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">ssh</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">allow_ssh_traffic</span><span class="dl">"</span> <span class="nx">description</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">Allow SSH</span><span class="dl">"</span> <span class="nx">vpc_id</span> <span class="o">=</span> <span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">vpc</span><span class="o">-</span><span class="nx">dev</span><span class="p">.</span><span class="nx">id</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="o">=</span> <span class="mi">22</span> <span class="nx">to_port</span> <span class="o">=</span> <span class="mi">22</span> <span class="nx">protocol</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">tcp</span><span class="dl">"</span> <span class="nx">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">0.0.0.0/0</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">egress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="o">=</span> <span class="mi">0</span> <span class="nx">to_port</span> <span class="o">=</span> <span class="mi">0</span> <span class="nx">protocol</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">-1</span><span class="dl">"</span> <span class="nx">cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">0.0.0.0/0</span><span class="dl">"</span><span class="p">]</span> <span class="nx">ipv6_cidr_blocks</span> <span class="o">=</span> <span class="p">[</span><span class="dl">"</span><span class="s2">::/0</span><span class="dl">"</span><span class="p">]</span> <span class="p">}</span> <span class="nx">tags</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">dev_ssh_sg</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <ul> <li> <code>name</code> &amp; <code>description</code> - are metadata and will be shown in the AWS Console.</li> <li> <code>ingress</code> block - used to define inbound rules (traffic coming to the server).</li> <li> <code>egress</code> block - used to define outbound rules (traffic going from the server).</li> </ul> <p><strong>3.7. Creating <code>aws_key_pair</code></strong></p> <ul> <li> <p>Use ssh-keygen to create a key pair locally:<br> </p> <pre class="highlight jsx"><code><span class="nx">ssh</span><span class="o">-</span><span class="nx">keygen</span> <span class="o">-</span><span class="nx">t</span> <span class="nx">ed25519</span> </code></pre> <p>Change the key name to <code>dev-key</code> and give the full path as shown below as per your username.</p> </li> </ul> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcevgjidlx09hyibf63zz.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcevgjidlx09hyibf63zz.png" alt="ssh keys location" width="800" height="43"></a> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>You can leave other prompts as blank and press Enter. Verify the keys using: </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">ls</span> <span class="nx">C</span><span class="p">:</span><span class="err">\</span><span class="nx">Users</span><span class="err">\</span><span class="nx">username</span><span class="err">\</span><span class="p">.</span><span class="nx">ssh</span><span class="o">\</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_key_pair</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">dev-key</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">key_name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">dev-key</span><span class="dl">"</span> <span class="nx">public_key</span> <span class="o">=</span> <span class="nf">file</span><span class="p">(</span><span class="dl">"</span><span class="s2">~/.ssh/dev-key.pub</span><span class="dl">"</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <ul> <li> <code>public_key</code> - passing the recently created public key.</li> </ul> <blockquote> <p>💡 To verify <code>aws_key_pair</code>, go to the EC2 dashboard &gt; Network &amp; Security &gt; Key Pairs.</p> </blockquote> <p><strong>3.8. Creating <code>aws_instance</code></strong></p> <ul> <li>To get the AMI ID for the instance, go to the EC2 dashboard &gt; Instances &gt; Launch Instances (Top-Right Corner).</li> <li> <p>Under Application and OS Images &gt; Select Ubuntu.</p> <p><a href="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsucrcfclrhsao6wpknoo.png" class="article-body-image-wrapper"><img src="https://media.dev.to/cdn-cgi/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fsucrcfclrhsao6wpknoo.png" alt="aws ami" width="800" height="761"></a></p> <p>You will get the AMI ID from here.</p> <p>There are dynamic ways to fetch the AMI ID. To learn more about it, refer this <a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami" rel="noopener noreferrer">documentation</a>.<br> </p> </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">resource</span> <span class="dl">"</span><span class="s2">aws_instance</span><span class="dl">"</span> <span class="dl">"</span><span class="s2">node-dev</span><span class="dl">"</span> <span class="p">{</span> <span class="nx">ami</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ami-03f0544597f43a91d</span><span class="dl">"</span> <span class="nx">instance_type</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">t2.micro</span><span class="dl">"</span> <span class="nx">availability_zone</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">ap-southeast-2a</span><span class="dl">"</span> <span class="nx">key_name</span> <span class="o">=</span> <span class="nx">aws_key_pair</span><span class="p">.</span><span class="nx">dev</span><span class="o">-</span><span class="nx">key</span><span class="p">.</span><span class="nx">key_name</span> <span class="nx">vpc_security_group_ids</span> <span class="o">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">ssh</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="nx">subnet_id</span> <span class="o">=</span> <span class="nx">aws_subnet</span><span class="p">.</span><span class="nx">subnet</span><span class="o">-</span><span class="nx">dev</span><span class="p">.</span><span class="nx">id</span> <span class="nx">tags</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="o">=</span> <span class="dl">"</span><span class="s2">dev</span><span class="dl">"</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <ul> <li> <code>ami</code> - add the AMI ID that you got from the console.</li> <li> <code>instance_type</code> - keep it <code>t2.micro</code> (its free tier).</li> <li> <code>availability_zone</code> - keep it the same as the subnet.</li> </ul> <h3> 4. SSH to AWS EC2 instance. </h3> <p>In this section, we will SSH to our created EC2 instance.</p> <ul> <li> <p>Get the public IP of the EC2 instance:<br> </p> <pre class="highlight jsx"><code><span class="nx">terraform</span> <span class="nx">state</span> <span class="nx">show</span> <span class="nx">aws_instance</span><span class="p">.</span><span class="nx">node</span><span class="o">-</span><span class="nx">dev</span> </code></pre> <p>Scroll down and copy the <code>public_ip</code>.</p> </li> <li> <p>Open the terminal and run:<br> </p> <pre class="highlight jsx"><code><span class="nx">ssh</span> <span class="o">-</span><span class="nx">i</span> <span class="nx">C</span><span class="p">:</span><span class="err">\</span><span class="nx">Users</span><span class="err">\</span><span class="nx">username</span><span class="err">\</span><span class="p">.</span><span class="nx">ssh</span><span class="err">\</span><span class="nx">dev</span><span class="o">-</span><span class="nx">key</span> <span class="nx">ubuntu</span><span class="p">@</span><span class="nd">public_ip</span> </code></pre> <p>The path to the SSH key and the <code>public_ip</code> will defer based on your system.</p> <p>If you see any prompt regarding:</p> <p>The authenticity of host 'public_ip (public_ip)' can't be established.</p> <p>Type <code>yes</code>.</p> <p>You will be connected to the remote EC2 instance.</p> </li> </ul> <h3> 5. Destroy All resources </h3> <blockquote> <p>💡 Now the fun part when practicing, daunting when in production</p> </blockquote> <p>Before running <code>destroy</code>, let’s run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">terraform</span> <span class="nx">state</span> <span class="nx">list</span> </code></pre> </div> <p>This will show all the resources that are created using Terraform. </p> <p>Check the output before and after running the <code>destroy</code> command to verify proper destruction :)</p> <p>To destroy all resources, run:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight jsx"><code><span class="nx">terraform</span> <span class="nx">destroy</span> </code></pre> </div> <h3> Summary: </h3> <p>In this article, we:</p> <ul> <li>Explored the basics of Terraform, including provider and resource blocks and different Terraform commands.</li> <li>Initialized Terraform with the AWS provider.</li> <li>Created essential AWS resources: <ul> <li>VPC</li> <li>Subnet</li> <li>Internet Gateway</li> <li>Route Table</li> <li>Security Group</li> <li>Key Pair</li> <li>EC2 Instance</li> </ul> </li> <li>Connected to the EC2 instance via SSH.</li> <li>Learned how to destroy created resources.</li> </ul> <p><strong>Materials used to write this article:</strong></p> <ul> <li><a href="https://registry.terraform.io/providers/hashicorp/aws/latest/docs" rel="noopener noreferrer">https://registry.terraform.io/providers/hashicorp/aws/latest/docs</a></li> <li><a href="https://docs.aws.amazon.com/" rel="noopener noreferrer">https://docs.aws.amazon.com/</a></li> <li><a href="https://youtu.be/SLB_c_ayRMo?si=VI1mDwB8mdFXtmMP" rel="noopener noreferrer">https://youtu.be/SLB_c_ayRMo?si=VI1mDwB8mdFXtmMP</a></li> <li><a href="https://youtu.be/iRaai1IBlB0?si=N6qau7TbrsftJ_z2" rel="noopener noreferrer">https://youtu.be/iRaai1IBlB0?si=N6qau7TbrsftJ_z2</a></li> </ul> <p><strong>Tags:</strong> </p> <p>Infrastructure as Code, Terraform, AWS, Cloud Computing</p> infrastructureascode terraform aws cloudcomputing