Terraform is often introduced as a tool that allows engineers to build and manage infrastructure using code. However, during Day 02 of learning Terraform, it became clear that Terraform alone cannot interact with cloud platforms such as AWS. This responsibility is handled by Terraform providers, which form the foundation of any Terraform workflow.
This blog covers what Terraform providers are, why they are essential, how to configure the AWS provider, how Terraform authenticates using AWS access keys, and the role of the terraform init and terraform plan commands in managing infrastructure safely.
What Is a Terraform Provider?
- A Terraform provider is a plugin that enables Terraform to communicate with external services such as cloud platforms, SaaS applications, and APIs.
- Terraform does not understand the native APIs of AWS, Azure, or Google Cloud. Providers act as translators by converting Terraform configuration written in HashiCorp Configuration Language (HCL) into API calls understood by the target platform.
- For example, when a Terraform configuration defines an AWS EC2 instance, the AWS provider translates that definition into corresponding AWS API requests. Without the provider, Terraform is only a set of configuration files with no ability to create or manage infrastructure.
Core Responsibilities of a Terraform Provider
A Terraform provider is responsible for:
- Authenticating with the target platform
- Understanding available resources and data sources
- Translating Terraform configurations into API requests
- Managing the lifecycle of resources (create, read, update, and delete)

In the case of AWS, the provider enables Terraform to interact with services such as EC2, S3, IAM, VPC, and many others.
Configuring the AWS Provider in Terraform
Before any AWS resources can be managed, Terraform must be informed about which provider to use and which version of that provider is required.
Example AWS Provider Configuration
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 6.0"
    }
  }
}

provider "aws" {
  region = "ap-south-1"
}
Explanation
The required_providers block tells Terraform where to download the provider from and which version constraints to apply.
The provider "aws" block configures provider-specific settings, such as the AWS region where resources will be created.
This configuration ensures that Terraform uses a consistent and compatible provider version across different environments.
Importance of Provider Versioning
- Provider versioning plays a critical role in maintaining stability and predictability in infrastructure deployments.
- Without version constraints, Terraform may automatically download newer versions of the provider that introduce breaking changes. These changes can modify existing behavior or invalidate previously valid configurations.
Using a version constraint such as:
version = "~> 6.0"
restricts Terraform to minor and patch updates within the specified major version (here, any 6.x release below 7.0).
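To make the effect of `~> 6.0` concrete, here is an added example (not code from the original post or from Terraform itself): a simplified Python model of the `~>` operator. It goes slightly beyond the text by also handling three-part constraints such as `~> 6.0.1`; the version list and all function names are assumptions made for illustration.

```python
# Added example: simplified model of Terraform's "~>" version constraint.
# Assumes plain numeric versions (no pre-release suffixes); names are illustrative.

# Constructed sample list, not a real release history of any provider.
SAMPLE_VERSIONS = ["5.100.0", "6.0.0", "6.4.1", "6.27.0", "7.0.0"]


def parse_version(text):
    """Turn '6.27.0' into (6, 27, 0), padding missing parts with zeros."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unsupported version: {text!r}")
    return parts + (0,) * (3 - len(parts))


def pessimistic_bounds(constraint):
    """Return (lower, upper) for '~> X.Y' or '~> X.Y.Z'; upper is exclusive."""
    text = constraint.strip()
    if not text.startswith("~>"):
        raise ValueError(f"only '~>' is modelled here: {constraint!r}")
    base = tuple(int(p) for p in text[2:].strip().split("."))
    if len(base) not in (2, 3):
        raise ValueError("this model needs two or three components")
    # Only the rightmost written component may grow, so the ceiling is the
    # next value of the component to its left.
    upper = base[:-2] + (base[-2] + 1,)
    pad = lambda v: v + (0,) * (3 - len(v))
    return pad(base), pad(upper)


def allows(constraint, version):
    lower, upper = pessimistic_bounds(constraint)
    return lower <= parse_version(version) < upper


def newest_allowed(constraint, available):
    """Newest version satisfying the constraint, or None if nothing matches."""
    matching = [v for v in available if allows(constraint, v)]
    return max(matching, key=parse_version, default=None)


if __name__ == "__main__":
    for c in ("~> 6.0", "~> 6.0.1"):
        print(c, "->", newest_allowed(c, SAMPLE_VERSIONS))
```

In a real working directory, terraform init records the version it selected in the .terraform.lock.hcl dependency lock file, and later runs reuse that version until terraform init -upgrade is run.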
AWS Authentication Using Access Key and Secret Key
To interact with AWS APIs, Terraform needs valid AWS credentials. A common method for local development and learning is using an AWS Access Key and Secret Access Key.
Creating AWS Access Credentials
- Log in to the AWS Management Console
- Navigate to IAM and select a user
- Open the Security credentials tab
- Create a new access key
- Securely store the Access Key ID and Secret Access Key

The secret key is displayed only once and should be stored securely.
Configuring Credentials Using AWS CLI
After generating the credentials, configure them using the AWS CLI:
aws configure
You will be prompted to enter:
- AWS Access Key ID
- AWS Secret Access Key
- Default region
- Default output format
Role of the terraform init Command
The terraform init command initializes a Terraform working directory and must be executed before running other Terraform commands.
terraform init
This command performs the following tasks:
- Downloads the required provider plugins
- Verifies provider version constraints
- Creates the .terraform directory
- Prepares Terraform to execute subsequent commands

Any changes to provider configuration or backend settings require re-running terraform init.
Thanks to #piyushsachdeva sir for this amazing session!!
https://youtu.be/JFiMmaktnuM?si=UUOUU8IC5JVE4gkn