Scenario
In the previous section, we know how to set up Terraform on Ubuntu24.04. Now, in this section we will learn how to use the Terraform to Initialize and manage the infrastructure. Not by using AWS console, but use the CLI instead.
By the end of this article, you'll:
✅ Understand the Terraform workflow
✅ Write .tf file
✅ Create an actual S3 bucket and EC2 on AWS
✅ Understand what a state file
✅ Clean up resources properly
Quick Theory: The Terraform Workflow
Before we dive in, there are 4 commands that we need to know form the core Terraform workflow. You'll use these commands in every project, whether you're creating a simple S3 bucket or a complex multi-tier application with many services on AWS.
terraform init #Initialize the providers
terraform plan #See what resources will change
terraform apply #Build the real insfrastructure
terraform destroy #Clean up the resources after using
Understanding Terraform Files
Terraform uses files extension .tf written in HCL (HashiCorp Configuration Language). It's much simpler than it sounds!
Basic Structure:
# This is a comment
block_type "label" "name" {
argument = "value"
another_argument = 1234
}
Three main block types we'll use when edit the configuration:
terraform - Configuration settings
provider - Which cloud (AWS, Azure, GCP)
resource - What to create (S3, EC2, RDS etc...)
Ok now you see it simlifier than before right. Let's see them in action!
🛠️ Hands-On: Create Your First S3 Bucket
Step 1: Create Your Project Directory
# Create a directory for Terraform project
mkdir -p ~/terraform-project
cd ~/terraform-project
Create mns3.tf
nano mns3.tf # or use your favorite editor vim, vscode, etc...
Step 2: Write Your First Terraform Code
terraform {
required_version = ">= 1.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 6.0"
}
}
}
provider "aws" {
region = "ap-southeast-1" #Choose the region that closest your country
}
# Create two S3 buckets
resource "aws_s3_bucket" "logs" {
bucket = "my-app-logs-shoeshop-2026"
tags = {
Name = "Application Logs"
Environment = "Development"
Purpose = "Logging"
}
}
resource "aws_s3_bucket" "backups" {
bucket = "my-app-backups-shoeshop-2026"
tags = {
Name = "Application Backups"
Environment = "Development"
Purpose = "Backup Storage"
}
}
# Outputs
output "logs_bucket_id" {
value = aws_s3_bucket.logs.id
}
output "backups_bucket_id" {
value = aws_s3_bucket.backups.id
}
⚠️ Important: Change the bucket name = "my-app-logs-shoeshop-2026" and "my-app-backups-shoeshop-2026" to differnt name because S3 bucket names must be globally unique across ALL AWS accounts!
Save the file
🚀 The 4 Commands in Action
Now comes the exciting part! Let's run our 4 magic commands.
Command 1: terraform init
This downloads the AWS provider plugin.
terraform init
You'll see:
What just happened?
- Terraform downloaded the AWS provider plugin
- Created a .terraform/ directory (hidden folder)
- Created .terraform.lock.hcl file (locks provider versions)
Pro Tip: You only need to run init once per project, or when you add new providers.
Command 2: terraform plan
This show you what Terraform will create (you can preview the change before apply it).
terraform plan
You'll see:
Understanding the output:
- means "will be created" ~ means "will be modified" (you'll see this later)
- means "will be destroyed" (known after apply) means AWS will generate this value This is your safety check! Always review the plan before applying.
Command 3: terraform apply
This actually creates the resources on AWS.
terraform apply
Type yes and press Enter.
You'll see:
🎉 Congratulations! You just created your first AWS resource with code!
Verify in AWS Console
Let's confirm it's really there:
Go to AWS S3 Console
You should see two bucket: my-app
Click on it and check the Tags tab - you'll see all the tags you defined!
This is the "enjoy!" moment - you created AWS infrastructure without clicking through the console!
🗂️ Understanding the State File
After running terraform apply, you'll notice a new file: terraform.tfstate
ls -al
You'll see:
.terraform/
.terraform.lock.hcl
main.tf
terraform.tfstate
What is the State File?
The state file is Terraform's memory. It stores:
- What resources Terraform created
- Current configuration of those resources
- Metadata and dependencies Let's peek inside:
cat terraform.tfstate
You'll see JSON with details about your S3 bucket - its name, ARN, region, tags, etc.
Why Does State Matter?
When you run terraform plan or terraform apply again, Terraform:
- Reads the state file to know what exists
- Compares it with your .tf files
- Calculates what needs to change Without state, Terraform wouldn't know what it created!
⚠️ Important State Rules:
Never edit state files manually
Never delete state files (you'll lose track of resources)
Never commit state files to Git (they contain sensitive data)
🧪 Let's Make a Change
Now let's see Terraform's power - making changes to existing infrastructure.
Edit mns3.tf file and add a new tag:
terraform {
required_version = ">= 1.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 6.0"
}
}
}
provider "aws" {
region = "ap-southeast-1"
}
# Create two S3 buckets
resource "aws_s3_bucket" "logs" {
bucket = "my-app-logs-shoeshop-2026"
tags = {
Name = "Application Logs"
Environment = "Development"
Purpose = "Logging"
LastUpdated = "Today" # <- Add this new tag
}
}
resource "aws_s3_bucket" "backups" {
bucket = "my-app-backups-shoeshop-2026"
tags = {
Name = "Application Backups"
Environment = "Development"
Purpose = "Backup Storage"
LastUpdated = "Today" # <- Add this new tag
}
}
# Outputs
output "logs_bucket_id" {
value = aws_s3_bucket.logs.id
}
output "backups_bucket_id" {
value = aws_s3_bucket.backups.id
}
Run plan again:
terraform plan
You'll see:
# aws_s3_bucket.backups will be updated in-place
~ resource "aws_s3_bucket" "backups" {
id = "my-app-backups-shoeshop-2026"
~ tags = {
"Environment" = "Development"
+ "LastUpdated" = "Today"
"Name" = "Application Backups"
"Purpose" = "Backup Storage"
}
~ tags_all = {
+ "LastUpdated" = "Today"
# (3 unchanged elements hidden)
}
# (14 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
# aws_s3_bucket.logs will be updated in-place
~ resource "aws_s3_bucket" "logs" {
id = "my-app-logs-shoeshop-2026"
~ tags = {
"Environment" = "Development"
+ "LastUpdated" = "Today"
"Name" = "Application Logs"
"Purpose" = "Logging"
}
~ tags_all = {
+ "LastUpdated" = "Today"
# (3 unchanged elements hidden)
}
# (14 unchanged attributes hidden)
# (3 unchanged blocks hidden)
}
Plan: 0 to add, 2 to change, 0 to destroy.
Notice the ~ symbol - it means "modify existing resource"!
Apply the change:
terraform apply
Type yes when prompted.
Check AWS Console - your bucket now has the new tag!
This is Infrastructure as Code magic - you changed infrastructure by editing a text file!
🧹 Command 4: terraform destroy
Always clean up resources you're not using (to avoid unexpected charges).
terraform destroy
Terraform will show what it will delete:
# aws_s3_bucket.logs will be destroyed
- resource "aws_s3_bucket" "logs" {
- bucket = "my-app-logs-shoeshop-2026" -> null
- "Environment" = "Development"
- "LastUpdated" = "Today"
- "Name" = "Application Logs"
- "Purpose" = "Logging"
} -> null
.....
}
}
Plan: 0 to add, 0 to change, 2 to destroy.
Type yesto confirm.
Verify in AWS Console - your bucket is gone!
🎓 What You Just Learned
Let's recap what you accomplished:
✅ The Terraform Workflow:
init - Initialize project
plan - Preview changes
apply - Create resources
destroy - Clean up
✅ HCL Basics:
terraform block (configuration)
provider block (cloud provider)
resource block (what to create)
output block (display information)
✅ State Management:
- State file tracks resources
- Never edit state manually
- State enables change detection
✅ Real Infrastructure:
- Created actual AWS S3 bucket
- Modified existing resource
- Destroyed resources cleanly
Top comments (0)