DEV Community: Pavan Reddy cheedeti

Build a VPC With EC2 On Terraform!

Pavan Reddy cheedeti — Wed, 19 Nov 2025 15:21:46 +0000

✅ TASK 2 — Build a VPC With EC2 (Step-by-Step Guide)

Folder structure:

terraform-vpc/
 ├── main.tf
 ├── variables.tf
 ├── outputs.tf
 └── terraform.tfvars

STEP 1 — Create main.tf

provider "aws" {
  region = var.aws_region
}

# -----------------------
# VPC
# -----------------------
resource "aws_vpc" "main_vpc" {
  cidr_block           = var.vpc_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "main-vpc"
  }
}

# -----------------------
# Public Subnet
# -----------------------
resource "aws_subnet" "public_subnet" {
  vpc_id                  = aws_vpc.main_vpc.id
  cidr_block              = var.public_subnet_cidr
  map_public_ip_on_launch = true
  availability_zone       = var.az

  tags = {
    Name = "public-subnet"
  }
}

# -----------------------
# Internet Gateway
# -----------------------
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main_vpc.id

  tags = {
    Name = "main-igw"
  }
}

# -----------------------
# Route Table
# -----------------------
resource "aws_route_table" "public_rt" {
  vpc_id = aws_vpc.main_vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = "public-route-table"
  }
}

# -----------------------
# Route Table Association
# -----------------------
resource "aws_route_table_association" "public_assoc" {
  subnet_id      = aws_subnet.public_subnet.id
  route_table_id = aws_route_table.public_rt.id
}

# -----------------------
# Security Group
# -----------------------
resource "aws_security_group" "ec2_sg" {
  name        = "ec2_public_sg"
  description = "Allow SSH"
  vpc_id      = aws_vpc.main_vpc.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "EC2 Public SG"
  }
}

# -----------------------
# Key Pair
# -----------------------
resource "aws_key_pair" "my_key" {
  key_name   = "task2-key"
  public_key = file(var.public_key_path)
}

# -----------------------
# EC2 Instance
# -----------------------
resource "aws_instance" "public_ec2" {
  ami           = var.ami_id
  instance_type = "t2.micro"
  subnet_id     = aws_subnet.public_subnet.id
  key_name      = aws_key_pair.my_key.key_name
  vpc_security_group_ids = [aws_security_group.ec2_sg.id]

  tags = {
    Name = "public-ec2"
  }
}

STEP 2 — Create variables.tf
variable "aws_region" {
  type = string
}

variable "vpc_cidr" {
  type = string
}

variable "public_subnet_cidr" {
  type = string
}

variable "az" {
  type = string
}

variable "ami_id" {
  type = string
}

variable "public_key_path" {
  type = string
}

STEP 3 — Create outputs.tf
output "vpc_id" {
  value = aws_vpc.main_vpc.id
}

output "public_subnet_id" {
  value = aws_subnet.public_subnet.id
}

output "ec2_public_ip" {
  value = aws_instance.public_ec2.public_ip
}

STEP 4 — Create terraform.tfvars
aws_region          = "ap-south-1"
vpc_cidr            = "10.0.0.0/16"
public_subnet_cidr  = "10.0.1.0/24"
az                  = "ap-south-1a"
ami_id              = "ami-0f5ee92e2d63afc18"
public_key_path     = "~/.ssh/id_rsa.pub"

STEP 5 — Initialize Terraform

terraform init

STEP 6 — Validate Configuration

terraform validate

STEP 7 — Generate Execution Plan

terraform plan

STEP 8 — Apply and Build VPC + EC2

terraform apply

Type yes.

🎉 RESULT

Terraform will create:

✔ VPC
✔ Public Subnet
✔ Internet Gateway
✔ Route Table
✔ Route Table Association
✔ Security Group
✔ Key Pair
✔ EC2 Instance in Public Subnet

You will get:

ec2_public_ip = "13.x.x.x"

SSH into EC2:

ssh -i ~/.ssh/id_rsa ec2-user@<PUBLIC-IP>

🎉 RESULT

      + region          = "ap-south-1"
      + tags_all        = (known after apply)
    }

  # aws_route_table.public_rt will be created
  + resource "aws_route_table" "public_rt" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + region           = "ap-south-1"
      + route            = [
          + {
              + cidr_block                 = "0.0.0.0/0"
              + gateway_id                 = (known after apply)
                # (11 unchanged attributes hidden)
            },
        ]
      + tags             = {
          + "Name" = "public-route-table"
        }
      + tags_all         = {
          + "Name" = "public-route-table"
        }
      + vpc_id           = (known after apply)
    }

  # aws_route_table_association.public_assoc will be created
  + resource "aws_route_table_association" "public_assoc" {
      + id             = (known after apply)
      + region         = "ap-south-1"
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_security_group.ec2_sg will be created
  + resource "aws_security_group" "ec2_sg" {
      + arn                    = (known after apply)
      + description            = "Allow SSH"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
                # (1 unchanged attribute hidden)
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
                # (1 unchanged attribute hidden)
            },
        ]
      + name                   = "ec2_public_sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + region                 = "ap-south-1"
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "EC2 Public SG"
        }
      + tags_all               = {
          + "Name" = "EC2 Public SG"
        }
      + vpc_id                 = (known after apply)
    }

  # aws_subnet.public_subnet will be created
  + resource "aws_subnet" "public_subnet" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-south-1a"    
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.1.0/24"    
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + region                                         = "ap-south-1"     
      + tags                                           = {
          + "Name" = "public-subnet"
        }
      + tags_all                                       = {
          + "Name" = "public-subnet"
        }
      + vpc_id                                         = (known after apply)
    }

  # aws_vpc.main_vpc will be created
  + resource "aws_vpc" "main_vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + region                               = "ap-south-1"
      + tags                                 = {
          + "Name" = "main-vpc"
        }
      + tags_all                             = {
          + "Name" = "main-vpc"
        }
    }

Plan: 8 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ec2_public_ip    = (known after apply)
  + public_subnet_id = (known after apply)
  + vpc_id           = (known after apply)

Terraform AWS EC2 Deployment – Beginner Project

Pavan Reddy cheedeti — Wed, 19 Nov 2025 15:02:00 +0000

Terraform AWS EC2 Deployment – Beginner Project

This project demonstrates how to deploy a simple EC2 instance (t2.micro) on AWS using Terraform.
It covers the fundamentals of Infrastructure as Code (IaC) — providers, resources, variables, outputs, security groups, and state management.

🚀 Project Features

AWS Provider configuration

EC2 instance deployment

Security Group creation

SSH Key Pair for authentication

Variables & Outputs

Terraform workflow (init → plan → apply → destroy)

🏗 Architecture

Terraform → AWS Provider → EC2 Instance (t2.micro)
└── Security Group (SSH 22)
└── Key Pair
✅ TASK 1 — Create a Simple EC2 Instance (FULL GUIDE)

Directory Structure:

terraform-ec2/
├── main.tf
├── variables.tf
├── outputs.tf
└── terraform.tfvars

STEP 1 — Install Terraform

(If already installed, skip)

terraform -v

STEP 2 — Create a Working Directory
mkdir terraform-ec2
cd terraform-ec2

STEP 3 — Configure AWS Provider (main.tf)

Create main.tf:

provider "aws" {
  region = var.aws_region
}

# Key pair
resource "aws_key_pair" "my_key" {
  key_name   = "terraform-key"
  public_key = file(var.public_key_path)
}

# Security group
resource "aws_security_group" "ec2_sg" {
  name        = "ec2_sg"
  description = "Allow SSH inbound traffic"

  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# EC2 instance
resource "aws_instance" "my_ec2" {
  ami           = var.ami_id
  instance_type = "t2.micro"
  key_name      = aws_key_pair.my_key.key_name
  vpc_security_group_ids = [aws_security_group.ec2_sg.id]

  tags = {
    Name = "terraform-ec2"
  }
}

STEP 4 — Create Variables File (variables.tf)

variable "aws_region" {
  description = "AWS region"
  type        = string
}

variable "ami_id" {
  description = "AMI ID for EC2"
  type        = string
}

variable "public_key_path" {
  description = "Path to your SSH public key"
  type        = string
}

STEP 5 — Add Outputs File (outputs.tf)

output "instance_public_ip" {
  value = aws_instance.my_ec2.public_ip
}

output "instance_id" {
  value = aws_instance.my_ec2.id
}

STEP 6 — Add Values (terraform.tfvars)

aws_region       = "ap-south-1"
ami_id           = "ami-0f5ee92e2d63afc18"  # Amazon Linux 2 (Mumbai)
public_key_path  = "~/.ssh/id_rsa.pub"

Use the correct AMI for your region.
You can get it from AWS Console → EC2 → Images → AMI.

STEP 7 — Create SSH Key (if you don’t have)

Run:

ssh-keygen -t rsa -b 4096

Press enter 3 times.
Your key will be created:

~/.ssh/id_rsa
~/.ssh/id_rsa.pub

STEP 8 — Initialize Terraform

terraform init

This downloads AWS provider plugins.

STEP 9 — Validate Config

terraform validate

STEP 10 — Preview Changes

terraform plan

STEP 11 — Apply (Create the EC2)

terraform apply

Type yes.
🎉 RESULT

Terraform creates:
✔ Key pair
✔ Security group
✔ EC2 instance (t2.micro)

You will see outputs like:

instance_public_ip = "13.x.x.x"
instance_id = "i-0abcd1234efg"

STEP 12 — Connect to your EC2 instance

ssh -i ~/.ssh/id_rsa ec2-user@<PUBLIC-IP>

Amazon Linux 2 uses ec2-user.

STEP 13 — Destroy Everything

When done:

terraform destroy

Type yes.

AWS Identity & Access Management ( IAM )

Pavan Reddy cheedeti — Fri, 07 Mar 2025 10:55:27 +0000

IAM is a service that helps you securely control access to AWS resources.

It allows you to manage users, roles, and permissions to define who can access what within your AWS environment.

Free Service: IAM is offered at no additional cost

Global Service
Root account created by default, shouldn't be used or shared
Create Users: You can create individual user accounts for people who need access to your AWS resources.
Assign Permissions: You can assign specific permissions to users, groups, or roles to control what actions they can perform on AWS services.
Create Groups: You can group users together and assign permissions to the group, making management easier for multiple users.
Create Roles: You can create roles to assign temporary permissions to AWS services or users, especially useful for securely managing permissions across different AS resources.
Define Policies: You can create and attach custom policies to define fine-grained permissions for controlling access to AWS resources.
Manage Federated Access: IAM allows integrating with external identity providers (like Active Directory) for centralized management of user access across AWS.

MFA

MFA (Multi-Factor Authentication) is an extra layer of security that requires users to provide two or more forms of verification, like a password and a code from their phone, to access their accounts.
Ex: username + password + security code.

IAM Ways of accessing AWS

The AWS Management Console provides a graphical, web-based approach.
The AWS CLI provides a command-line, scripting approach.
AWS SDKs and APls offer programmatic, code-based access, allowing users to integrate AWS directly into their applications.

AWS IAM Best Practices

Avoid using root account except of account setup.
Add user to a group and assign permission tò group
Use password policy or MFA
Use ACCESS KEYS for CLI/SDK
Never share ACCESS KEYS or Password
Audit the permission using IAM credential report.

"My Journey into DevOps: Learning, Building, and Growing 🚀"

Pavan Reddy cheedeti — Thu, 06 Mar 2025 12:11:04 +0000

Hey everyone! I'm Pavan reddy More, My goal? Become a DevOps Engineer! 💪

💡 What I'm Learning:
✅ AWS (EC2, IAM, CodePipeline)
✅ Linux & Shell Scripting
✅ CI/CD with GitHub Actions & AWS CodePipeline
✅ jenkins,Docker & Kubernetes (Coming soon!)

I'll be sharing my learnings, projects, and challenges as I move from Cloud to DevOps. Excited to connect and grow with this amazing community! 🙌

🚀 Let’s build, automate, and deploy together! Drop a comment if you're on a similar journey!

DevOps #AWS #CloudComputing #CI/CD #Linux #jenkins #Docker #Kubernetes