DEV Community: marvintowett The latest articles on DEV Community by marvintowett (@mktowett). https://dev.to/mktowett https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1063632%2Ffe68ea67-d278-41f7-aa96-59dba7c0ef88.jpeg DEV Community: marvintowett https://dev.to/mktowett en Deploying a Highly Available Web App on AWS Using Terraform marvintowett Thu, 26 Mar 2026 18:57:04 +0000 https://dev.to/mktowett/deploying-a-highly-available-web-app-on-aws-using-terraform-f44 https://dev.to/mktowett/deploying-a-highly-available-web-app-on-aws-using-terraform-f44 <p>Today we will be looking at deploying a cluster of web servers. To make all this possible we are going to employ the use of the following AWS technologies:</p> <ol> <li>Auto Scaling Group (ASG)</li> <li>Application Load Balancer</li> <li>Launch Configuration </li> </ol> <h4> Auto Scaling Group (ASG) </h4> <p>Auto Scaling Group handles:</p> <ul> <li>Launching a cluster of EC2 Instances</li> <li>Monitoring health of each instance</li> <li>Replacing failed instances</li> <li>Adjusting Size of each of the cluster in response to load</li> </ul> <p>Creating an ASG:<br> In order to create an ASG you must first create a <em>launch configuration</em> that specifies how to configure each EC2 instance in the ASG</p> <p>This Terraform configuration creates an Auto Scaling group with a launch configuration that sets up a simple HTTP server using BusyBox. The server listens on a port defined by the <code>server_port</code> variable, which defaults to 8080. The security group allows incoming traffic on the specified port from any IP address.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_launch_configuration"</span> <span class="s2">"example"</span> <span class="p">{</span> <span class="nx">image_id</span> <span class="p">=</span> <span class="s2">"ami-0735c191cf914754d"</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="s2">"t2.micro"</span> <span class="nx">security_groups</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">instance</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="nx">user_data</span> <span class="p">=</span> <span class="o">&lt;&lt;-</span><span class="no">EOF</span><span class="sh"> #!/bin/bash echo "Hello, World" &gt; index.html nohup busybox httpd -f -p ${var.server_port} &amp; </span><span class="no"> EOF </span> <span class="c1">// Ensure that the new launch configuration is created before the old one is destroyed </span> <span class="nx">lifecycle</span> <span class="p">{</span> <span class="nx">create_before_destroy</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p>We added lifecycle block. this ensures that when updating/creating a new EC2 instance, Terraform will first create the new instance update then delete the old instance</p> </blockquote> <p>For this ASG to work we need to add another value <code>subnet_ids</code>.<br> This parameter specifies which subnet the EC2 instances should be deployed to the ASG.</p> <blockquote> <p>Each subnet lives in an isolated AWS Availability Zone (AWS AZ) to ensure your instances keep running even if some of the data centres have an outage</p> </blockquote> <h4> Data Source: </h4> <p>In order to get the ips of each subnet we are going to use <code>data sources</code>. <br> A data sources represents a piece of read-only information that is fetched from the provider whenever you run Terraform. <br> Data source is used to simply query information from the providers IP.</p> <p>The Syntax for using a data source:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">data</span> <span class="s2">"&lt;PROVIDER_NAME&gt;_&lt;TYPE&gt;"</span> <span class="s2">"&lt;NAME&gt;"</span> <span class="p">{</span> <span class="p">[</span><span class="nx">CONFIG</span> <span class="p">...]</span> <span class="p">}</span> </code></pre> </div> <p>We will go ahead and look up data for our Default VPC and then combine that with another data source <code>aws_subnets</code> to look upthe subnets within the VPC.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1">// Data sources to get the default VPC</span> <span class="nx">data</span> <span class="s2">"aws_vpc"</span> <span class="s2">"default"</span> <span class="p">{</span> <span class="nx">default</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="c1">// Get the subnets in the default VPC</span> <span class="nx">data</span> <span class="s2">"aws_subnets"</span> <span class="s2">"default"</span> <span class="p">{</span> <span class="nx">filter</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"vpc-id"</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span><span class="nx">data</span><span class="p">.</span><span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">default</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now we can pull the Ids out of the aws_subnets required by the ASG.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1">// Create an Auto Scaling group that uses the launch configuration</span> <span class="nx">resource</span> <span class="s2">"aws_autoscaling_group"</span> <span class="s2">"example"</span> <span class="p">{</span> <span class="nx">launch_configuration</span> <span class="p">=</span> <span class="nx">aws_launch_configuration</span><span class="p">.</span><span class="nx">example</span><span class="p">.</span><span class="nx">name</span> <span class="nx">vpc_zone_identifier</span> <span class="p">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_subnets</span><span class="p">.</span><span class="nx">default</span><span class="p">.</span><span class="nx">ids</span> <span class="nx">min_size</span> <span class="p">=</span> <span class="mi">2</span> <span class="nx">max_size</span> <span class="p">=</span> <span class="mi">10</span> <span class="nx">tag</span><span class="p">{</span> <span class="nx">key</span> <span class="p">=</span> <span class="s2">"Name"</span> <span class="nx">value</span> <span class="p">=</span> <span class="s2">"mk-terraform-instance"</span> <span class="nx">propagate_at_launch</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h4> Deploying Load Balancer </h4> <p>A Load balance is a server that distributes traffic across your server while using the load balancer's IP.<br> we have 3 types of Load balancers:</p> <ol> <li>Application Load Balancers(ALB): Best suited for load balancing of HTTP and HTTPS request</li> <li>Network Load Balancers(NLB): Best suited for load balancing of TCP, UDP and TLS traffic.</li> <li>Classic Load Balancer(CLB): CLB predates ALB and NLB, it loab balance's for HTTP, HTTPS, TCP and UDP.However it has fewer features than ALB and NLB.</li> </ol> <p>For this example since we are deploying a simple server we will be using ALB Application Load Balancer.<br> To create a load balance we will use the <code>aws_lb</code> resource.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_lb"</span> <span class="s2">"example"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"terraform-asg-example"</span> <span class="nx">load_balancer_type</span> <span class="p">=</span> <span class="s2">"application"</span> <span class="nx">subnets</span> <span class="p">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_subnets</span><span class="p">.</span><span class="nx">default</span><span class="p">.</span><span class="nx">ids</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p>Our load balancer is configured to use all subnets.</p> </blockquote> <p>Now we need to configure listeners to the loab balancer using the <code>aws_lb_listener</code> resource.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_lb_listener"</span> <span class="s2">"http"</span> <span class="p">{</span> <span class="nx">load_balancer_arn</span> <span class="p">=</span> <span class="nx">aws_lb</span><span class="p">.</span><span class="nx">example</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">port</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">http_port</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"HTTP"</span> <span class="c1">// Set up a fixed response for any requests that do not match the target group</span> <span class="nx">default_action</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"fixed-response"</span> <span class="nx">fixed_response</span> <span class="p">{</span> <span class="nx">content_type</span> <span class="p">=</span> <span class="s2">"text/plain"</span> <span class="nx">message_body</span> <span class="p">=</span> <span class="s2">"${var.status_code}: Page Not Found"</span> <span class="nx">status_code</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">status_code</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The listener above is configured to listen to default port 80, use the HTTP protocol and send 404 page for request that don't match listeners rules.</p> <p>Now we will need to create a new security group for our ASG since AWS does not allow any incoming or outgoing traffic by default.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="nx">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"alb"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"mk-terraform-alb-security-group"</span> <span class="c1">// Allow incoming traffic on the HTTP port from any IP address</span> <span class="nx">ingress</span><span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">http_port</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">http_port</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="c1">// Allow all outbound traffic from the load balancer</span> <span class="nx">egress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">0</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"-1"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The next Step is now to pass this security group in the <br> <code>security_group</code> arguments of our load balance.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1">// Create an Application Load Balancer to distribute traffic to the instances in the Auto Scaling group</span> <span class="nx">resource</span> <span class="s2">"aws_lb"</span> <span class="s2">"example"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"terraform-asg-example"</span> <span class="nx">load_balancer_type</span> <span class="p">=</span> <span class="s2">"application"</span> <span class="nx">subnets</span> <span class="p">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_subnets</span><span class="p">.</span><span class="nx">default</span><span class="p">.</span><span class="nx">ids</span> <span class="nx">security_groups</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">alb</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="p">}</span> </code></pre> </div> <p>Next we will have to create a target group for our ASG using the aws_b_target_group resource. a target group is a part of the ASG that receives request from the load balancer. it also performs health checks on the server and sends request to healthy nodes only.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1">// Create a target group for the Auto Scaling group instances</span> <span class="nx">resource</span> <span class="s2">"aws_lb_target_group"</span> <span class="s2">"asg"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"terraform-asg-example"</span> <span class="nx">port</span> <span class="p">=</span> <span class="nx">var</span><span class="p">.</span><span class="nx">server_port</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"HTTP"</span> <span class="nx">vpc_id</span> <span class="p">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_vpc</span><span class="p">.</span><span class="nx">default</span><span class="p">.</span><span class="nx">id</span> <span class="nx">health_check</span> <span class="p">{</span> <span class="nx">path</span> <span class="p">=</span> <span class="s2">"/"</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"HTTP"</span> <span class="nx">matcher</span> <span class="p">=</span> <span class="s2">"200"</span> <span class="nx">interval</span> <span class="p">=</span> <span class="mi">15</span> <span class="nx">timeout</span> <span class="p">=</span> <span class="mi">3</span> <span class="nx">healthy_threshold</span> <span class="p">=</span> <span class="mi">2</span> <span class="nx">unhealthy_threshold</span> <span class="p">=</span> <span class="mi">2</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The target groups sends request to EC2 Instance by setting <code>target_group_arns</code> in the <code>aws_autoscaling_group</code> resource.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1">// Create an Auto Scaling group that uses the launch configuration</span> <span class="nx">resource</span> <span class="s2">"aws_autoscaling_group"</span> <span class="s2">"example"</span> <span class="p">{</span> <span class="nx">launch_configuration</span> <span class="p">=</span> <span class="nx">aws_launch_configuration</span><span class="p">.</span><span class="nx">example</span><span class="p">.</span><span class="nx">name</span> <span class="nx">vpc_zone_identifier</span> <span class="p">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">aws_subnets</span><span class="p">.</span><span class="nx">default</span><span class="p">.</span><span class="nx">ids</span> <span class="nx">target_group_arns</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_lb_target_group</span><span class="p">.</span><span class="nx">asg</span><span class="p">.</span><span class="nx">arn</span><span class="p">]</span> <span class="nx">health_check_type</span> <span class="p">=</span> <span class="s2">"ELB"</span> <span class="nx">min_size</span> <span class="p">=</span> <span class="mi">2</span> <span class="nx">max_size</span> <span class="p">=</span> <span class="mi">10</span> <span class="nx">tag</span><span class="p">{</span> <span class="nx">key</span> <span class="p">=</span> <span class="s2">"Name"</span> <span class="nx">value</span> <span class="p">=</span> <span class="s2">"mk-terraform-instance"</span> <span class="nx">propagate_at_launch</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p>Note: we updated the health_check_type to "ELB" health check as it is more robust and instructs ASG to use the target group health check to determine whether an instance is healthy.</p> </blockquote> <p>Finally, we create a <code>listener_rule</code>. This is the last part of the ASG we need to configure. The Listener Rule takes a request that's come in and send's those that match specific paths or hostnames to specific <code>target_group</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight hcl"><code><span class="c1">// Create a listener rule that forwards traffic to the target group for the Auto Scaling group instances</span> <span class="nx">resource</span> <span class="s2">"aws_lb_listener_rule"</span> <span class="s2">"asg"</span> <span class="p">{</span> <span class="nx">listener_arn</span> <span class="p">=</span> <span class="nx">aws_lb_listener</span><span class="p">.</span><span class="nx">http</span><span class="p">.</span><span class="nx">arn</span> <span class="nx">priority</span> <span class="p">=</span> <span class="mi">100</span> <span class="c1">// Forward traffic to the target group for the Auto Scaling group instances if the path is "/"</span> <span class="nx">condition</span> <span class="p">{</span> <span class="nx">path_pattern</span> <span class="p">{</span> <span class="nx">values</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"/"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Forward traffic to the target group for the Auto Scaling group instances</span> <span class="nx">action</span> <span class="p">{</span> <span class="nx">type</span> <span class="p">=</span> <span class="s2">"forward"</span> <span class="nx">target_group_arn</span> <span class="p">=</span> <span class="nx">aws_lb_target_group</span><span class="p">.</span><span class="nx">asg</span><span class="p">.</span><span class="nx">arn</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> terrafo Mastering Basic Infrastructure with Terraform marvintowett Tue, 24 Mar 2026 19:05:03 +0000 https://dev.to/mktowett/mastering-basic-infrastructure-with-terraform-nac https://dev.to/mktowett/mastering-basic-infrastructure-with-terraform-nac <p>Yesterday we deployed our first server. Today we level up. We will learn one of the most important principles in Terraform — and in software engineering generally — which is <strong>DRY: Don't Repeat Yourself</strong>. We will apply it by deploying a configurable web server using input variables, then take it further by deploying a clustered web server capable of handling real traffic. By the end of today we will understand what separates a toy deployment from production-ready infrastructure.</p> <p>We will continue using our code from yesterday's session and improve on it. Here is our starting point:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">provider</span> <span class="s2">"aws"</span> <span class="p">{</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-west-2"</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"example"</span> <span class="p">{</span> <span class="nx">ami</span> <span class="p">=</span> <span class="s2">"ami-0735c191cf914754d"</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="s2">"t3.micro"</span> <span class="nx">vpc_security_group_ids</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">instance</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"mk-terraform-example"</span> <span class="p">}</span> <span class="nx">user_data</span> <span class="p">=</span> <span class="o">&lt;&lt;-</span><span class="no">EOF</span><span class="sh"> #!/bin/bash echo "Hello, World" &gt; index.html nohup busybox httpd -f -p 8080 &amp; </span><span class="no"> EOF </span> <span class="nx">user_data_replace_on_change</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"instance"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"mk-terraform-security-group"</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">8080</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">8080</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Terraform allows you to make your code more configurables hence aligns with the DRY Principle. We achieve this by defining <em>input variables</em> the syntax:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">variable</span> <span class="s2">"&lt;variable-name&gt;"</span> <span class="p">{</span> <span class="p">[</span><span class="nx">CONFIG</span> <span class="p">...]</span> <span class="p">}</span> </code></pre> </div> <p>the body of a vriable contains the following parameters which are optional</p> <ul> <li>description: used to document how the variable is used</li> <li>default: used when no value is provided. if there is no value Terraform will prompt the user for one</li> </ul> <blockquote> <p>There are multiple ways of providing a value for a variable i.e command line using -var option, via a file using the -var-file option, or via environment virable</p> </blockquote> <ul> <li>type: allows you to enforce constraints on the variable</li> <li>validation: allows you to dife custom validations rules for an input</li> <li>sensitive: if set to true on an input it will not be logged when apply or plan are executed.</li> </ul> <p>You can read more on this. For now let's proceed with the task at hand let's introduce our first variable. In this example we will define the default value<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">variable</span> <span class="s2">"server_port"</span> <span class="p">{</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The port the server will use for HTTP requests"</span> <span class="nx">type</span> <span class="p">=</span> <span class="nx">number</span> <span class="nx">default</span> <span class="p">=</span> <span class="mi">8080</span> <span class="p">}</span> </code></pre> </div> <p>In order to use this variable we will employ the use of terraform expressions called <code>variable reference</code>. it follows the syntax below:</p> <p><code>var.&lt;VARIABLE_NAME&gt;</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"instance"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"mk-terraform-security-group"</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">server_port</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="kd">var</span><span class="p">.</span><span class="nx">server_port</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Note in our User data script we also defined port 8080. We can reference the variable using and expression called an <code>interpolation</code> of syntax:</p> <p><code>"${..........}"</code></p> <h3> OUTPUT VARIABLE </h3> <p>We if we can input for sure we can output. An <em><strong>output variable</strong></em> has the following syntax:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">output</span> <span class="s2">"&lt;NAME&gt;"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="err">&lt;</span><span class="nx">VALUE</span><span class="err">&gt;</span> <span class="p">[</span><span class="nx">CONFIG</span> <span class="p">...]</span> <span class="p">}</span> </code></pre> </div> <p>The Config contains the following optional parameters:</p> <ul> <li>description: allows you to document the type of data contained in the output variable</li> <li>sensitive: flags if data should be shown when plan or apply are executed </li> <li>depends_on: allows you to create dependency between resources that require each other. </li> </ul> <p><strong>USE CASE</strong>: <br> Instead of having to manually poke around the EC2 console to get the IP address of your newly created server you can provide the IP address as an output variable<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">output</span> <span class="s2">"public_ip"</span> <span class="p">{</span> <span class="nx">value</span> <span class="p">=</span> <span class="nx">aws_instance</span><span class="p">.</span><span class="nx">example</span><span class="p">.</span><span class="nx">public_ip</span> <span class="nx">description</span> <span class="p">=</span> <span class="s2">"The public IP address of the web server"</span> <span class="p">}</span> </code></pre> </div> <p>When you run the Command terraform apply. you will see the output show up as seen in the screenshot below.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpezvlpx71h33odqkh0im.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpezvlpx71h33odqkh0im.png" alt=" "></a></p> <p>You can also use command <code>terraform output</code> to list all outputs without applying changes<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">mktowett@Kiprotichs-MacBook-Pro Day2 % terraform output public_ip = "16.146.72.177" mktowett@Kiprotichs-MacBook-Pro Day2 % </span></code></pre> </div> <p>in the event you want a specific output you could always pass the name give to that output after the command above and it will print out the results </p> <p><code>terraform output &lt;output-name&gt;</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">mktowett@Kiprotichs-MacBook-Pro Day2 % terraform output public_ip "16.146.72.177" mktowett@Kiprotichs-MacBook-Pro Day2 % </span></code></pre> </div> aws devops terraform tutorial Deploying Your First Server with Terraform marvintowett Tue, 24 Mar 2026 17:52:02 +0000 https://dev.to/mktowett/deploying-your-first-server-with-terraform-1fmc https://dev.to/mktowett/deploying-your-first-server-with-terraform-1fmc <p>Terraform de is written in the HarshiCorp Configuration Language (HCL) in files with extestion <code>.tf</code>.HCL is a declarative language. You describe what you want and terraform will figure out how to handle it.<br> Terrafrom can be used to create infrastructure across a wide variety of platforms eg AWS,Google, DigitalOcean etc. In Terrafrom these are called <code>providers</code>.</p> <p>In my previous blog i showed you how to create an EC2 instance on AWS. Today we will be looking at running a web server on our instance that can respond to HTTP request.</p> <p>In this example we will get an EC2 Instance to run a script. Since its a one liner we will use busybox and plain Ubuntu 20.04 AMI. We shall run the "hello world!" script as part of the ec2 Instance's <code>User Data</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">provider</span> <span class="s2">"aws"</span> <span class="p">{</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-west-2"</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"example"</span> <span class="p">{</span> <span class="nx">ami</span> <span class="p">=</span> <span class="s2">"ami-0735c191cf914754d"</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="s2">"t3.micro"</span> <span class="nx">vpc_security_group_ids</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">instance</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"mk-terraform-example"</span> <span class="p">}</span> <span class="nx">user_data</span> <span class="p">=</span> <span class="o">&lt;&lt;-</span><span class="no">EOF</span><span class="sh"> #!/bin/bash echo "Hello, World" &gt; index.html nohup busybox httpd -f -p 8080 &amp; </span><span class="no"> EOF </span> <span class="nx">user_data_replace_on_change</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"instance"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"mk-terraform-security-group"</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">8080</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">8080</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <blockquote> <p>Note: <code>user_data_replace_on_change</code> paramater is set to true so that when User Data changes and you apply on terraform it will terminate the original instance and create a new one.</p> </blockquote> <p>In the code above we have introduced a new resource, <code>security group</code> to allow the EC2 instance to receive traffic on port 8080.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">resource</span> <span class="s2">"aws_security_group"</span> <span class="s2">"instance"</span> <span class="p">{</span> <span class="nx">name</span> <span class="p">=</span> <span class="s2">"mk-terraform-security-group"</span> <span class="nx">ingress</span> <span class="p">{</span> <span class="nx">from_port</span> <span class="p">=</span> <span class="mi">8080</span> <span class="nx">to_port</span> <span class="p">=</span> <span class="mi">8080</span> <span class="nx">protocol</span> <span class="p">=</span> <span class="s2">"tcp"</span> <span class="nx">cidr_blocks</span> <span class="p">=</span> <span class="p">[</span><span class="s2">"0.0.0.0/0"</span><span class="p">]</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The code above creates a new resource called <code>mk-terraform-security-group</code>. this code specifies that this group allows incoming TCP request on port 8080 from all IP ranges.</p> <p>After creating the security group, we passed the ID of the security group into the vpc_security_group_ids.</p> <p><code>vpc_security_group_ids = [aws_security_group.instance.id]<br> </code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code><span class="k">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"example"</span> <span class="p">{</span> <span class="nx">ami</span> <span class="p">=</span> <span class="s2">"ami-0735c191cf914754d"</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="s2">"t3.micro"</span> <span class="nx">vpc_security_group_ids</span> <span class="p">=</span> <span class="p">[</span><span class="nx">aws_security_group</span><span class="p">.</span><span class="nx">instance</span><span class="p">.</span><span class="nx">id</span><span class="p">]</span> <span class="nx">tags</span> <span class="p">=</span> <span class="p">{</span> <span class="nx">Name</span> <span class="p">=</span> <span class="s2">"mk-terraform-example"</span> <span class="p">}</span> <span class="nx">user_data</span> <span class="p">=</span> <span class="o">&lt;&lt;-</span><span class="no">EOF</span><span class="sh"> #!/bin/bash echo "Hello, World" &gt; index.html nohup busybox httpd -f -p 8080 &amp; </span><span class="no"> EOF </span> <span class="nx">user_data_replace_on_change</span> <span class="p">=</span> <span class="kc">true</span> <span class="p">}</span> </code></pre> </div> terraform eveops hashicorp awschallenge Terraform: Enviroment Setup marvintowett Thu, 19 Mar 2026 16:51:29 +0000 https://dev.to/mktowett/terraform-enviroment-setup-4hmn https://dev.to/mktowett/terraform-enviroment-setup-4hmn <p>Today is day 2 of the 30 Day Challenge actually day 3 of the challenge i seem to have slacked a bit but we are here for the task: Environment setup. <br> In todays task we are going to cover the following:</p> <ol> <li> Set Up AWS Account</li> <li>Install and Configure the AWS CLI</li> <li>Install Terraform</li> <li>Connect Terraform to AWS</li> </ol> <p>These are our matching orders and we are going to tackle them one after the other ensuring that i show you each and every step while explaining exactly what is happening as simple as i can get.</p> <h3> SETUP AWS ACCOUNT </h3> <p>In order to create this account you will need to have:</p> <ul> <li>valid email address</li> <li>phone number for verification</li> <li>credit or debit card <em>(for this series we will not exceed the free tier. best believe we will not fall prey to AWS charges only if you follow my guide step by step -- also terraform address resource creation and management to mitigate running unused resource that may be forgotten in the event of clickOps)</em> </li> </ul> <h4> REGISTRATION STEPS </h4> <ol> <li>Go to AWS Sign-Up page: visit url <a href="https://aws.amazon.com" rel="noopener noreferrer">https://aws.amazon.com</a> and click Create AWS Account</li> <li>Enter Root Email and Account Name</li> <li>Verify Your Email</li> <li>Set a Strong Root Password</li> <li>Enter Contact Information</li> <li>Verify Your Identity </li> <li>Choose a Support Plan</li> </ol> <h3> INSTALL AND CONFIGURE AWS CLI </h3> <p>In order for terraform to authenticate it use's AWS CLI's credentials. Below are the steps to configure it.</p> <h4> Install AWS CLI </h4> <p><strong>macOS</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Using Homebrew brew install awscli # Verify installation aws --version </code></pre> </div> <p><strong>Linux (ubuntu/Debian)</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Download and install curl 'https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip' -o 'awscliv2.zip' unzip awscliv2.zip sudo ./aws/install # Verify aws --version </code></pre> </div> <p><strong>Windows</strong></p> <p>Download the MSI installer from <a href="https://aws.amazon.com/cli/" rel="noopener noreferrer">https://aws.amazon.com/cli/</a> and run the installer, then verify in<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>aws --version </code></pre> </div> <h4> CONFIGURE AWS CLI </h4> <ul> <li>We shall head over to AWS and navigate to <strong>IAM</strong>. </li> <li>Here we shall navigate to <strong>Users</strong>. </li> <li>Where we are going to click on <strong>Create user</strong> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F89r1sl1pk48nmxmfh6h5.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F89r1sl1pk48nmxmfh6h5.png" alt=" " width="800" height="195"></a></p> <ul> <li>Enter a username and select checkbox - <em>Provide user access to the AWS Management Console</em> </li> <li>You will then proceed to <strong>Set Permissions</strong> </li> <li>Select <strong>Attach policies directly</strong> </li> <li>In the Permissions Policies add <em>AdministratorAccess</em> </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft6ltv13ssn5hg0uoul1x.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ft6ltv13ssn5hg0uoul1x.png" alt=" " width="800" height="268"></a></p> <ul> <li>Click <strong>Create User</strong> and you will be given a password that you will need to save to be used later on.</li> </ul> <h5> CREATE ACCESS KEYS </h5> <ul> <li>Select you created user in the Users list </li> <li>Click Create access key in the <strong>Summary</strong> box or Select <strong>Security credentials</strong> and scroll to <strong>Access Keys</strong> </li> <li>Select <strong>Command Line Interface</strong> under use case </li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1cnezn5v4i4tr4q2hhez.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1cnezn5v4i4tr4q2hhez.png" alt=" " width="800" height="233"></a></p> <ul> <li>add description and confirm</li> <li>you will be shown the in the next view <strong>Access key</strong> and <strong>Secret Access</strong> key that you will save.</li> </ul> <h4> CONFIGURE AWS CLI </h4> <ul> <li>Run command below to configure CLI </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> aws configure </code></pre> </div> <ul> <li>You will be prompted with the following </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>AWS Access Key ID [None]: AKIAIOSFODNN7EXAMPLE AWS Secret Access Key [None]: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY Default region name [None]: us-east-1 Default output format [None]: json </code></pre> </div> <ul> <li>Verify configs </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>aws sts get-caller-identity </code></pre> </div> <p><em>Note: your credentials will be stored in two files on your machines</em></p> <ul> <li><em><code>~/.aws/credentials</code> — stores your keys</em></li> <li><em><code>~/.aws/config</code> — stores region and output format</em></li> </ul> <h3> INSTALL TERRAFORM </h3> <p>Once you have successfully installed and configured AWS CLI we will proceed with the start of the show Terraform.<br> In order to install terraform run the commands below</p> <p><strong>macOS</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>brew tap hashicorp/tap brew <span class="nb">install </span>hashicorp/tap/terraform </code></pre> </div> <p><strong>Linux</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">sudo </span>apt-get update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt-get <span class="nb">install</span> <span class="nt">-y</span> gnupg software-properties-common wget <span class="nt">-O-</span> https://apt.releases.hashicorp.com/gpg | <span class="se">\</span> gpg <span class="nt">--dearmor</span> | <span class="se">\</span> <span class="nb">sudo tee</span> /usr/share/keyrings/hashicorp-archive-keyring.gpg <span class="nb">echo</span> <span class="s2">"deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] </span><span class="se">\</span><span class="s2"> https://apt.releases.hashicorp.com </span><span class="si">$(</span>lsb_release <span class="nt">-cs</span><span class="si">)</span><span class="s2"> main"</span> | <span class="se">\</span> <span class="nb">sudo tee</span> /etc/apt/sources.list.d/hashicorp.list <span class="nb">sudo </span>apt update <span class="o">&amp;&amp;</span> <span class="nb">sudo </span>apt <span class="nb">install </span>terraform </code></pre> </div> <p><strong>Windows</strong> - <em>use chocolatey (recommended)</em><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight powershell"><code><span class="n">choco</span><span class="w"> </span><span class="nx">install</span><span class="w"> </span><span class="nx">terraform</span><span class="w"> </span></code></pre> </div> <p>Confirm installation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>terraform <span class="nt">-version</span> You should see something like: Terraform v1.7.5 on linux_amd64 </code></pre> </div> <h3> CONNECT TERRAFORM TO AWS </h3> <p>First of all you are almost done this is where the magic happens. Connecting Terraform to AWS.<br> We are going to create an EC2 instance on amazon using terrafrom. </p> <ol> <li>Create a new project on visual studio.</li> <li>Create a file called <strong><em>main.tf</em></strong> and add the following code </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight terraform"><code> <span class="k">provider</span> <span class="s2">"aws"</span> <span class="p">{</span> <span class="nx">region</span> <span class="p">=</span> <span class="s2">"us-west-2"</span> <span class="p">}</span> <span class="k">resource</span> <span class="s2">"aws_instance"</span> <span class="s2">"name-example"</span> <span class="p">{</span> <span class="nx">ami</span> <span class="p">=</span> <span class="s2">"ami-0735c191cf914754d"</span> <span class="nx">instance_type</span> <span class="p">=</span> <span class="s2">"t3.micro"</span> <span class="p">}</span> </code></pre> </div> <p>The above code creates a simple instance of a linux box in the region us-west-s.<br> <strong>Note</strong>: <em>different regions have different resource id so if you change the region you will need to search the corresponding</em> <code>ami</code> </p> <p>The table below shows the command you need to run to initialize and create an instance on AWS</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Command</th> <th>Description</th> </tr> </thead> <tbody> <tr> <td><code>terraform init</code></td> <td>Initialize a working directory</td> </tr> <tr> <td><code>terraform plan</code></td> <td>Preview changes before applying</td> </tr> <tr> <td><code>terraform apply</code></td> <td>Apply the infrastructure changes</td> </tr> <tr> <td><code>terraform destroy</code></td> <td>Tear down all managed resources</td> </tr> <tr> <td><code>terraform fmt</code></td> <td>Format your <code>.tf</code> files</td> </tr> <tr> <td><code>terraform validate</code></td> <td>Check config for errors</td> </tr> </tbody> </table></div> <p>Now we you head over to AWS you will see you instance initalized and running </p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fboh10wmumey09ud3nk3r.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fboh10wmumey09ud3nk3r.png" alt=" " width="800" height="187"></a></p> <p>Just like that you have created your first instance programatically! </p> <p>i'll see you on Day 3</p> <p>Part of the #30DayTerraformChallenge | #Terraform | #IaC | #HashiCorp | #AWSUserGroupKenya | #EveOps</p> 30dayterraformchallenge terraform awsusergroupkenya eveops