Terraform Basics: Manage Your Infrastructure as Code in 30 Minutes
If you're still managing servers by clicking through cloud consoles — this is for you.
Terraform lets you define your entire infrastructure in code. Reproducible, version-controlled, reviewable.
Why Infrastructure as Code
Without IaC:
- "I'm not sure what settings I used on the production server"
- Can't recreate your setup if the server dies
- No audit trail for infrastructure changes
With Terraform:
- Your entire infra is a git repo
- Recreate production in 10 minutes
- Review infrastructure changes like code reviews
Install Terraform
# Mac
brew tap hashicorp/tap && brew install hashicorp/tap/terraform
# Ubuntu/Debian
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install terraform
terraform --version
Your First Terraform Config (DigitalOcean Droplet)
# main.tf
terraform {
  required_providers {
    digitalocean = {
      source  = "digitalocean/digitalocean"
      version = "~> 2.0"
    }
  }
}

provider "digitalocean" {
  token = var.do_token
}

variable "do_token" {
  description = "DigitalOcean API token"
  sensitive   = true
}

resource "digitalocean_droplet" "web" {
  name     = "web-server-1"
  region   = "nyc3"
  size     = "s-1vcpu-1gb"
  image    = "ubuntu-22-04-x64"
  ssh_keys = [digitalocean_ssh_key.default.fingerprint]
  tags     = ["web", "production"]
}

resource "digitalocean_ssh_key" "default" {
  name       = "my-key"
  public_key = file("~/.ssh/id_ed25519.pub")
}

output "droplet_ip" {
  value = digitalocean_droplet.web.ipv4_address
}

# Initialize (downloads provider plugins)
terraform init
# Preview what will be created
terraform plan
# Apply (creates the resources)
terraform apply
# Destroy when done
terraform destroy
State Management
Terraform tracks what it's created in a state file. For teams, store state remotely:
terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "production/terraform.tfstate"
    region = "us-east-1"
    # Enable state locking
    dynamodb_table = "terraform-locks"
    encrypt        = true
  }
}
Practical Example: Full Stack (Droplet + Firewall + Domain)
resource "digitalocean_droplet" "app" {
  name     = "app-server"
  region   = "nyc3"
  size     = "s-2vcpu-2gb"
  image    = "ubuntu-22-04-x64"
  ssh_keys = [digitalocean_ssh_key.default.fingerprint]
}

resource "digitalocean_firewall" "app" {
  name        = "app-firewall"
  droplet_ids = [digitalocean_droplet.app.id]

  inbound_rule {
    protocol         = "tcp"
    port_range       = "22"
    source_addresses = ["YOUR_IP/32"] # SSH only from your IP
  }

  inbound_rule {
    protocol         = "tcp"
    port_range       = "80"
    source_addresses = ["0.0.0.0/0", "::/0"]
  }

  inbound_rule {
    protocol         = "tcp"
    port_range       = "443"
    source_addresses = ["0.0.0.0/0", "::/0"]
  }

  outbound_rule {
    protocol              = "tcp"
    port_range            = "all"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }

  # The firewall blocks anything not listed, and DNS lookups use UDP,
  # so outbound UDP has to be allowed as well as TCP.
  outbound_rule {
    protocol              = "udp"
    port_range            = "all"
    destination_addresses = ["0.0.0.0/0", "::/0"]
  }
}

resource "digitalocean_domain" "app" {
  name       = "yourdomain.com"
  ip_address = digitalocean_droplet.app.ipv4_address
}
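The firewall above pins SSH to one address, and that property can be checked on every plan before `terraform apply`. The script below is an added example, not part of the original post: it reads the JSON form of a plan (`terraform plan -out=tfplan`, then `terraform show -json tfplan > plan.json`) and reports any `digitalocean_firewall` inbound rule that leaves an admin port open to the whole internet. The `ADMIN_PORTS` set, the `fw` helper, the `digitalocean_firewall.loose` resource and the `203.0.113.10/32` address are assumptions constructed for the illustration.

```python
import ipaddress
import json
import sys

ADMIN_PORTS = {22}  # assumption: SSH is the only admin port to guard
WORLD = ["0.0.0.0/0", "::/0"]  # used only by the constructed sample below

def port_bounds(port_range):
    """Turn a port_range string ("22", "8000-9000", "all") into (low, high)."""
    if port_range in (None, "", "0", "all"):
        return 1, 65535
    low, _, high = port_range.partition("-")
    return int(low), int(high or low)

def is_world(cidr):
    """True for 0.0.0.0/0, ::/0 and any other zero-length prefix."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # unparseable values are left for terraform to reject

def open_admin_rules(plan):
    """Return (resource address, port, cidr) for admin ports open to anyone."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "digitalocean_firewall" or not after:
            continue  # other resource types, or a firewall being destroyed
        rules = [r for r in after.get("inbound_rule") or [] if r.get("protocol") == "tcp"]
        for rule in rules:
            low, high = port_bounds(rule.get("port_range"))
            world = [c for c in rule.get("source_addresses") or [] if is_world(c)]
            findings += [(rc["address"], p, c)
                         for p in sorted(ADMIN_PORTS) if low <= p <= high for c in world]
    return findings

def fw(address, *rules):  # builds one constructed resource_changes entry
    inbound = [{"protocol": "tcp", "port_range": p, "source_addresses": s} for p, s in rules]
    return {"address": address, "type": "digitalocean_firewall",
            "change": {"actions": ["create"], "after": {"inbound_rule": inbound}}}

# Constructed sample: the page's firewall (SSH pinned to one address) and a loose one
SAMPLE_PLAN = {"resource_changes": [
    fw("digitalocean_firewall.app", ("22", ["203.0.113.10/32"]), ("80", WORLD), ("443", WORLD)),
    fw("digitalocean_firewall.loose", ("1-1024", WORLD))]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    hits = open_admin_rules(plan)
    print("\n".join(f"{a}: tcp/{p} reachable from {c}" for a, p, c in hits))
    sys.exit(1 if hits else 0)
```

Run with a plan file as its only argument, it exits non-zero when it finds an exposed admin port, so it can gate a CI step that sits between `terraform plan` and `terraform apply`.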
Essential Terraform Commands
terraform init # Initialize project
terraform plan # Preview changes
terraform apply # Apply changes
terraform destroy # Destroy all resources
terraform show # Show current state
terraform output # Show outputs
terraform fmt # Format .tf files
terraform validate # Validate config syntax
I built ARIA to solve exactly this.
Try it free at step2dev.com — no credit card needed.