If you are just getting into Infrastructure as Code, the setup phase is where a lot of people quietly give up. Not because it is hard, but because there are several moving parts and it is not always obvious how they connect. This post walks through exactly how I set up my Terraform environment on Windows as part of the 30-Day Terraform Challenge, so you can follow the same steps without the guesswork.
What you will need before you start:
- A Windows machine
- An AWS account (free tier works)
- Willingness to learn
Step 1: Create your AWS account and set up an IAM user
Go to aws official website and create an account if you do not have one. Once you are in, the first thing you should do is enable MFA on your root account. The root user has unrestricted access to everything in your account, and you do not want to use it for day-to-day work.
Next, create a dedicated IAM user for Terraform. Go to the IAM console, click Users, then Add Users. Give it a name like terraform (the new AWS UI select programmatic access by default). Attach the AdministratorAccess managed policy for now since this is a learning environment.
When you finish creating the user, AWS will show you an Access Key ID and a Secret Access Key. Download or copy these immediately. AWS will not show the secret key again after you close that screen.
Also set up a billing alert before you do anything else. Go to the Billing console, enable billing alerts, then create a CloudWatch alarm. Even on the free tier, it is good practice to know when you are approaching a spend threshold.
Step 2: Install the AWS CLI
Download the AWS CLI installer for Windows from the official AWS documentation page. It is a standard .msi file, so run it and follow the prompts.
Once installed, open Git Bash or your terminal of choice and run:
aws --version
You should see something like:
aws-cli/2.31.29 Python/3.13.9 Windows/10 exe/AMD64
Now configure it with your IAM user credentials:
aws configure
You will be prompted for four things: your Access Key ID, your Secret Access Key, your default region, and your output format. For output format, json is fine.
Verify the configuration with:
aws configure list
And confirm your identity with:
aws sts get-caller-identity
If you see your Account ID and the ARN of your IAM user in the output, your AWS CLI is correctly connected.
Step 3: Install Terraform
I installed Terraform manually from Hashicorp official website. On the downloads page, select Windows and download the AMD64 zip file.
Once downloaded, extract the zip. You will get a single binary called terraform.exe. Move this file to a folder on your machine, then add that folder to your system PATH so you can run Terraform from any directory.
To add it to PATH on Windows: search for “Environment Variables” in the Start menu, click “Edit the system environment variables”, then under System Variables find Path, click Edit, and add the folder where you placed terraform.exe.
Open a new terminal window after doing this, then run:
terraform version
You should see the version number printed out. That confirms Terraform is installed and accessible from the command line.
Step 4: Set up VS Code
If you are using Visual Studio Code, install two extensions: HashiCorp Terraform and AWS Toolkit. The HashiCorp Terraform extension gives you syntax highlighting, autocompletion, and formatting for .tf files. The AWS Toolkit lets you interact with AWS services directly from VS Code.
Create a folder for your Terraform project and open it in VS Code. This will be your working directory for all the infrastructure code you write going forward.
How these tools connect
It helps to understand what each tool is actually doing before you start writing code.
Terraform reads your .tf configuration files and talks to AWS on your behalf using the AWS provider. But Terraform itself does not store your AWS credentials. It finds them through the same credential chain that the AWS CLI uses: first it checks for environment variables, then it looks at the shared credentials file that aws configure creates at ~/.aws/credentials.
This is why running aws configure before using Terraform matters. You are not just setting up the CLI, you are creating the credentials file that Terraform will also read.
The IAM user is the identity Terraform assumes when it calls the AWS API. Everything Terraform creates, modifies, or destroys in your account will be done as that user. That is why you create a dedicated one instead of using root, so you have a clear record of what Terraform did and you can tighten permissions later as you get more specific about what your configuration actually needs.
Validating the full setup
Once all four tools are in place, run these commands and confirm you get clean output on each:
terraform version
aws --version
aws sts get-caller-identity
aws configure list
If all four return without errors, your environment is ready. From here you can start writing actual Terraform code and deploying infrastructure.
Top comments (0)