Mukami

Step-by-Step Guide to Setting Up Terraform, AWS CLI, and Your AWS Environment

Introduction

Welcome to Day 2 of my 30-Day Terraform Challenge journey! Today is all about laying the foundation. As the saying goes, "Measure twice, cut once" — and in the DevOps world, that means setting up your environment correctly before writing a single line of infrastructure code.

In this guide, I'll walk you through exactly how I set up my Terraform environment, from creating an AWS account to validating that everything connects properly. Whether you're following along with the challenge or just getting started with Infrastructure as Code, this step-by-step guide will save you hours of troubleshooting.

Here is what we are going to accomplish:

  • A secure AWS account ready for infrastructure deployment
  • A dedicated IAM user for Terraform (not using root credentials!)
  • Terraform installed and verified on your machine
  • AWS CLI configured and authenticated
  • VS Code set up with essential extensions
  • A fully validated environment with working commands

Step 1: AWS Account Setup

Creating Your Account
If you don't already have an AWS account, head over to Amazon and click "Create an AWS Account." You'll need:

  • An email address
  • A credit card (for verification — don't worry, we'll set up billing alerts!)
  • Your phone number for verification

Pro Tip for Kenyan Readers: Based on my testing, M-PESA virtual Visa cards don't work for AWS account verification. You'll need an actual credit/debit card from a traditional bank. This caught me off guard, so I wanted to share this heads-up!

Immediate Security Steps — Do Not Skip!
As soon as your account is active:

Enable MFA on Root Account

  • Go to IAM → Dashboard
  • Click "Add MFA" next to your root user
  • Use an authenticator app (Google Authenticator, Authy, or Microsoft Authenticator)
  • Scan the QR code and enter two consecutive codes to verify

Set Up Billing Alerts

  • Navigate to Billing Dashboard
  • Click "Billing preferences" in the left menu
  • Enable "Receive PDF invoice by email", "Receive Free Tier Usage Alerts" and "Receive Billing Alerts"
  • Go to CloudWatch → Alarms → Billing
  • Create an alarm for any estimated charges (I set mine at $5 and $20; I even have a $1 alert 😂😂)

Why this matters: AWS services are powerful but can cost money. These alerts ensure you never get a surprise bill!

Step 2: Create a Dedicated IAM User for Terraform

Remember: Never use your root account for daily work! It's like using your master key as your house key — unnecessarily risky.

Creating the IAM User

  1. Log into AWS Console (as root user)
  2. Navigate to IAM service
  3. Click Users → Create user
  4. Username: terraform_challenge (or your preferred name)
  5. Check: Provide user access to the AWS Management Console (optional but helpful)
  6. Check: I want to create an IAM user
  7. Click Next

Setting Permissions
For this challenge, we'll give broad permissions to learn without hitting permission errors:

  1. Select Attach policies directly
  2. Search and select AdministratorAccess
  3. Click Next → Create user

Production Note: In real-world scenarios, you'd want more granular permissions following the principle of least privilege. For learning, AdministratorAccess removes friction.

Creating Access Keys (for CLI access)

  1. Click on your newly created user
  2. Go to Security credentials tab
  3. Scroll to Access keys → Create access key
  4. Choose Command Line Interface (CLI)
  5. Check the acknowledgment box
  6. Click Create access key

IMPORTANT: Download or copy your:
- Access Key ID (e.g., AKIAXXXXXXXXXXXXXXXX)
- Secret Access Key (e.g., wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY)

Store these securely — treat them like passwords!
If you do not save them immediately, you will not be able to access them, and you will have to create another access key.

Step 3: Install and Configure AWS CLI

On Windows:
Download the installer from AWS CLI Installation Guide

Verify Installation

aws --version
# Expected output: aws-cli/2.15.28 Python/3.11.8 Darwin/23.1.0 source/arm64 prompt/off

Configure AWS CLI with Your IAM User

aws configure

You'll be prompted for:

AWS Access Key ID [None]: YOUR_ACCESS_KEY_ID
AWS Secret Access Key [None]: YOUR_SECRET_ACCESS_KEY
Default region name [None]: eu-north-1
Default output format [None]: json

Why I chose eu-north-1 (Stockholm):

  • One of the newest AWS regions in Europe
  • Excellent sustainability focus (powered by renewable energy)
  • Great pricing competitive with other EU regions
  • All modern AWS services available

Test Your Configuration

aws sts get-caller-identity

You should see output like:

{
    "UserId": "AIDAEXAMPLEUSERID12345",
    "Account": "123456789012",
    "Arn": "arn:aws:iam::123456789012:user/terraform_challenge"
}

Step 4: Install Terraform

Installation Methods
On Windows:
Using Chocolatey:


choco install terraform

Verify Installation

terraform version
# Expected output: Terraform v1.6.6 (plus provider info if in a directory with Terraform config)

Step 5: Set Up VS Code for Terraform Development

Install VS Code Extensions
Open VS Code and install these extensions (Ctrl+Shift+X or Cmd+Shift+X):

  1. HashiCorp Terraform by HashiCorp
  2. AWS Toolkit by Amazon Web Services
  3. Prettier - Code formatter by Prettier (optional but good for keeping markdown files nicely formatted)
  4. GitLens by GitKraken (optional but recommended)

Configure Terraform Formatting
Add this to your VS Code settings.json:

{
    "[terraform]": {
        "editor.defaultFormatter": "hashicorp.terraform",
        "editor.formatOnSave": true,
        "editor.formatOnSaveMode": "file"
    }
}

Step 6: Full Validation — The Moment of Truth!

Run these four commands to confirm your environment is 100% ready:
1. Terraform Version

$ terraform version
Terraform v1.6.6
on darwin_arm64

2. AWS CLI Version

$ aws --version
aws-cli/2.15.28 Python/3.11.8 Darwin/23.1.0 source/arm64 prompt/off

3. AWS Identity Verification

$ aws sts get-caller-identity
{
    "UserId": "AIDAEXAMPLEUSERID12345",
    "Account": "123456789012",  # Your account ID here
    "Arn": "arn:aws:iam::123456789012:user/terraform_challenge"
}

4. AWS Configuration Check

$ aws configure list
      Name                    Value             Type    Location
      ----                    -----             ----    --------
   profile                <not set>             None    None
access_key     ****************ABCD      shared-credentials-file    
secret_key     ****************WXYZ      shared-credentials-file    
    region                eu-north-1      config-file    ~/.aws/config

If all four commands run without errors — congratulations! Your environment is ready to rock! If not, try again; give it as many chances as you gave that man.
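
The identity check in command 3 can be scripted so that a root ARN or the wrong user fails loudly instead of being read past. This is an added example, not part of the original guide; the function names are illustrative and the sample JSON is constructed.

```shell
#!/usr/bin/env bash
# Added example: fail the validation step unless the CLI is using the
# dedicated IAM user (never root). Function names are illustrative.

# Pull the "Arn" value out of get-caller-identity JSON without needing jq.
extract_arn() {
  printf '%s\n' "$1" |
    sed -n 's/.*"Arn"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Map an ARN to the kind of principal behind it.
principal_kind() {
  case "$1" in
    arn:aws:iam::*:root)           echo root ;;
    arn:aws:iam::*:user/*)         echo iam-user ;;
    arn:aws:sts::*:assumed-role/*) echo assumed-role ;;
    *)                             echo unknown ;;
  esac
}

# Return 0 only when the caller is the expected IAM user.
verify_identity() {
  arn=$(extract_arn "$1")
  kind=$(principal_kind "$arn")
  if [ "$kind" = "root" ]; then
    echo "FAIL: CLI is using root credentials: $arn"; return 1
  elif [ "$kind" = "iam-user" ] && [ "${arn##*/}" = "$2" ]; then
    echo "OK: $arn"; return 0
  fi
  echo "FAIL: expected IAM user '$2', got $kind: ${arn:-no Arn found}"
  return 1
}

# Constructed sample, not real output. Pass --live to query AWS instead.
identity='{"UserId":"AIDAEXAMPLEUSERID12345","Account":"123456789012","Arn":"arn:aws:iam::123456789012:user/terraform_challenge"}'
if [ "${1:-}" = "--live" ]; then
  identity=$(aws sts get-caller-identity --output json)
fi
verify_identity "$identity" terraform_challenge
```

Run it with `--live` after `aws configure`; a non-zero exit status means the credentials on this machine are not the ones the guide set up.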

Challenges I Encountered (And How I Fixed Them)

Challenge 1: IAM Policy Propagation Delay
Issue: After attaching AdministratorAccess to my IAM user, commands still failed with access denied.

Solution: AWS policies can take 30-60 seconds to propagate. I waited a minute and tried again — it worked! Pro tip: grab a coffee after creating IAM users before testing.

Challenge 2: Region Selection Paralysis
Issue: I spent too long deciding which region to use.

Solution: I learned that for learning, any region works. I chose eu-north-1 because it has all services available and it was the first one I was ever introduced to, so I am a bit attached. The key is to be consistent — pick one and stick with it!

Why IAM Users vs. Root Matters
If I used root credentials:

  • Full account access if compromised
  • Can't track which person made changes
  • No ability to rotate keys per project
  • Violates security best practices

With IAM user:

  • Limited permissions (principle of least privilege)
  • Separate credentials per project/environment
  • Easy revocation if compromised
  • Clear audit trail in CloudTrail

This is why we invested time in proper IAM setup — it's not bureaucracy, it's security best practice!

Bonus: Your First Terraform Test

Let's quickly test that everything works by creating a simple S3 bucket:

Create a file main.tf:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
    # random_string below comes from the random provider, so declare it too
    random = {
      source  = "hashicorp/random"
      version = "~> 3.0"
    }
  }
}

provider "aws" {
  region = "eu-north-1"
}

# Random suffix keeps the bucket name globally unique
resource "random_string" "suffix" {
  length  = 8
  special = false
  upper   = false
}

resource "aws_s3_bucket" "test" {
  bucket        = "terraform-challenge-test-${random_string.suffix.result}"
  force_destroy = true
}

output "bucket_name" {
  value = aws_s3_bucket.test.bucket
}

Run:

terraform init      # Downloads AWS provider
terraform plan      # Shows what will be created
terraform apply     # Creates the bucket (type 'yes' to confirm)
terraform destroy   # Cleans up to avoid charges

This test confirms your entire pipeline works!

Chapter 2 Learnings: What I Actually Learned from "Terraform: Up & Running"

After reading Chapter 2, here are the genuine insights I gained:

How Terraform REALLY Authenticates with AWS
The book explains that Terraform doesn't just magically connect to AWS; it needs credentials, and there's a specific order of precedence for finding them:

  • Environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY): these take highest priority
  • Shared credentials file (~/.aws/credentials): created when you run aws configure
  • IAM instance profile: if you're running on an EC2 instance with an assigned IAM role
  • Provider block: hardcoding credentials directly in the code (last resort, least secure)

The Critical Mistake Most Beginners Make
The book emphasizes something I almost missed: never hardcode credentials in your Terraform files.
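
A scan like the following can run before every commit to catch the hardcoding mistake described above. This is an added example, not from the book or the original guide; the function names are illustrative and the sample files are constructed, reusing the placeholder key values shown in Step 2.

```shell
#!/usr/bin/env bash
# Added example: catch static AWS credentials in Terraform files before
# they are committed. Function names are illustrative.

# Print file:line:text for every finding; return 1 if anything was found.
# AKIA prefixes long-term access key IDs, ASIA temporary (STS) ones.
scan_tf_for_secrets() {
  if grep -rnE --include='*.tf' --include='*.tfvars' \
      -e '(AKIA|ASIA)[0-9A-Z]{16}' \
      -e '(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^"$]' \
      "$1"; then
    return 1
  fi
  return 0
}

# Constructed samples: a provider block with hardcoded keys (the placeholder
# values shown earlier in this guide) and one that leaves credentials out.
write_samples() {
  mkdir -p "$1/bad" "$1/good"
  cat > "$1/bad/main.tf" <<'EOF'
provider "aws" {
  region     = "eu-north-1"
  access_key = "AKIAXXXXXXXXXXXXXXXX"
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}
EOF
  cat > "$1/good/main.tf" <<'EOF'
provider "aws" {
  region = "eu-north-1"
}
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
scan_tf_for_secrets "$tmp/bad"  || echo "bad/: static credentials found"
scan_tf_for_secrets "$tmp/good" && echo "good/: clean"
rm -rf "$tmp"
```

The second pattern only flags quoted literals, so references such as `access_key = var.aws_access_key` pass; the clean provider block works because the credentials come from outside the code.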

Key Takeaway: Immutable Infrastructure
The book introduces the concept of immutable infrastructure. Instead of SSH-ing into servers to fix things (mutable), you:

  • Make changes in code
  • Destroy old servers
  • Launch new servers with the changes

This prevents configuration drift and "snowflake servers" — every server is identical and repeatable!

Conclusion

Day 2 of the 30-Day Terraform Challenge is complete! We've built a solid foundation that will serve us throughout this journey and beyond.

What We Accomplished Today:

  • Secure AWS account with MFA and billing alerts
  • Dedicated IAM user for Terraform
  • AWS CLI installed and configured
  • Terraform installed and verified
  • VS Code extensions for productive development
  • Full environment validation
  • Test deployment of an S3 bucket

Key Takeaways:

  1. Security first — never use root credentials for daily work
  2. Validation matters — run those four commands to confirm everything connects
  3. Documentation saves time — writing this guide helped me understand concepts deeper
  4. Tooling improves productivity — VS Code extensions make Terraform development smoother

Have you set up your Terraform environment? What challenges did you face? Drop a comment below or reach out on social media — I'd love to hear about your journey!
