Getting started with Terraform on AWS
Terraform offers an easy way to manage your cloud resources. In this guide we will deploy a basic AWS setup using Terraform.
How Terraform works
Terraform configuration is declarative: instead of scripting the API calls, you describe the resources you want and Terraform works out what to create, change or delete to get there. It records everything it manages in a state file (terraform.tfstate by default), so keep that file out of version control and treat it as sensitive: it can contain database endpoints, usernames and other details of your resources.
Getting up and running
On a Mac the easiest way to install Terraform is using Homebrew.
brew install terraform
terraform -v
Now make a new folder for your project, and create two files in the folder:
main.tf
versions.tf
The content for versions.tf is simple: we pin the Terraform version and the AWS provider version so that a later provider release cannot silently change what terraform apply does.
Terraform offers providers which let you work with lots of different cloud services. You can view a list of different providers in the Terraform registry.
Now let’s open up main.tf and setup the AWS provider.
The region parameter determines the AWS region in which your resources will be hosted (for example us-east-1 or eu-west-2). Choose the code for your nearest available region.
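As an added example (not the original post's code), here is what the two files could contain. The version constraints, the region, and the tag values are assumptions; pick your own. The default_tags block makes the provider apply the same tags to every resource it creates, which is the easiest way to tell later which resources Terraform manages.

```hcl
# ---- versions.tf ----
# Pin Terraform and the AWS provider so a future release cannot change behaviour unexpectedly.
terraform {
  required_version = ">= 1.5.0" # assumed; any recent 1.x works for this guide

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0" # assumed; allows 5.x patch and minor releases only
    }
  }
}

# ---- main.tf ----
# The provider reads credentials from ~/.aws/credentials (or environment variables);
# never put access keys in this file, because it is committed to version control.
provider "aws" {
  region = "eu-west-2" # assumed; replace with your nearest region code

  # Applied to every resource this provider creates, so you can find them all later.
  default_tags {
    tags = {
      ManagedBy = "terraform"
      Project   = "terraform-getting-started" # assumed project name
    }
  }
}
```

Run terraform init after saving these files; it downloads the pinned provider and writes a .terraform.lock.hcl file that records the exact provider version and checksums, which should be committed alongside the .tf files.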
To authenticate to your AWS account we will create a credentials file on your computer. The AWS provider looks for it at ~/.aws/credentials (note the leading dot), the same file the AWS CLI uses.
Create the file from your terminal, restricting its permissions so only your user can read it:
mkdir -p ~/.aws
touch ~/.aws/credentials
chmod 600 ~/.aws/credentials
nano ~/.aws/credentials
The file uses the standard profile format: a [default] section header followed by two lines, aws_access_key_id = ... and aws_secret_access_key = ..., containing the Access Key ID and Secret Access Key. Never paste these keys into a .tf file or commit them to version control.
If you don't already have access keys you can create them in the AWS console under the IAM service. Create them for an IAM user with only the permissions this guide needs (VPC, EC2 and RDS), not for the account's root user, and rotate or delete them when you are done.
Click Users on the left, select the user, choose the Security credentials tab, and click Create access key. The secret key is shown only once, so copy it into the credentials file straight away.
Now we’re ready to start Terraform. In your terminal open up the project folder and run:
terraform init
Let’s define our first resource and deploy it using Terraform. We’re going to make a new Virtual Private Cloud (VPC) which you can think of as a virtual network where we’re going to host our server and database.
Add this code block to your main.tf file:
What is a CIDR block?
The cidr_block setting is a way of assigning internal IP addresses to our network.
The CIDR block determines how specific our range of IP addresses should be, measured in bits.
An IP address has 32 bits so a CIDR block of /32 would limit our range to just one IP address.
In this case we chose a CIDR block of /16 which fixes the first 16 bits and leaves the last 16 bits open. So our network can assign addresses from 10.0.0.0 up to 10.0.255.255 (65,536 addresses). The 10.0.0.0/8 range is reserved for private networks, which is why it is the usual choice for a VPC.
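The VPC resource described above, written out as an added example rather than the original post's code. The resource name main and the Name tag are assumptions; enable_dns_hostnames is not required for the VPC itself but is needed later if you want the EC2 instance to get a public DNS name.

```hcl
# A private network with 65,536 addresses; subnets are carved out of it below.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"

  # DNS resolution inside the VPC (on by default) and DNS hostnames for instances.
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "terraform-vpc" # assumed name
  }
}
```

After terraform apply, the VPC's generated ID is available to the rest of the configuration as aws_vpc.main.id and its CIDR as aws_vpc.main.cidr_block, so no other resource needs to repeat the address range.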
Next let’s check the plan to see what Terraform is going to do when we run it:
terraform plan
The plan shows Terraform is going to add one new resource, the VPC we just defined. Review it before every apply; once we're happy we can apply it:
terraform apply
Now open the VPC service in the AWS console. You'll see we've just deployed a new VPC, in addition to the default VPC which AWS creates in every region of your account.
Setting up a Subnet Group
In order to deploy resources in our VPC network we need to divide it into subnets. RDS requires a DB subnet group that spans at least two Availability Zones, so we create two subnets, one in each zone. Note that AWS reserves the first four and the last IP address of every subnet, so a /24 subnet gives you 251 usable addresses, not 256.
Add this code block to the end of main.tf to define two subnets:
We’ve used the data block to access the Availability Zones from our AWS account.
We assign each subnet to a separate availability zone, and also assign them both to our VPC network.
Next add this code to main.tf to define a new DB Subnet Group (aws_db_subnet_group), which tells RDS which of our subnets the database may be placed in.
It’s a good idea to tag your resources so you know which ones were created using Terraform.
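The subnets and DB subnet group from the two steps above, as an added example that is not the original post's code. It assumes the VPC is named aws_vpc.main. Instead of writing two near-identical subnet blocks it uses count and the cidrsubnet function, which carves 10.0.0.0/24 and 10.0.1.0/24 out of the /16 and so cannot accidentally overlap.

```hcl
# Look up the Availability Zones that are usable in the configured region.
data "aws_availability_zones" "available" {
  state = "available"
}

# Two subnets, one per Availability Zone, carved out of the VPC range.
resource "aws_subnet" "private" {
  count = 2

  vpc_id = aws_vpc.main.id # assumed VPC resource name
  # cidrsubnet("10.0.0.0/16", 8, 0) = 10.0.0.0/24, index 1 = 10.0.1.0/24
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, count.index)
  availability_zone = data.aws_availability_zones.available.names[count.index]

  tags = {
    Name = "terraform-private-${count.index}" # assumed naming scheme
  }
}

# RDS places the database in one of these subnets; it needs at least two AZs.
resource "aws_db_subnet_group" "main" {
  name       = "terraform-db-subnet-group" # assumed; must be unique in the account/region
  subnet_ids = aws_subnet.private[*].id

  tags = {
    Name = "terraform-db-subnet-group"
  }
}
```

The [*] splat on aws_subnet.private collects both subnet IDs into the list the subnet group needs, so adding a third subnet later is a one-character change to count.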
Deploying an RDS database
We need to define the database, and also a Security Group. A Security Group is a stateful set of rules which govern the incoming and outgoing traffic we want to allow for our instance: if an inbound connection is allowed, its replies are allowed automatically.
Add these two code blocks to the end of your main.tf file.
The RDS database is allocated 20 GiB of storage to begin with (the minimum RDS accepts for PostgreSQL on gp2/gp3 SSD storage; an allocation of 10 GiB is rejected at apply time) and storage autoscaling will grow it up to 100 GiB if our needs grow.
For incoming traffic we only allow connections from within the VPC network, on port 5432 which is the default for Postgres. A tighter rule is to reference the EC2 instance's security group instead of the VPC CIDR, so that only the web server, and not every future resource in the VPC, can reach the database.
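The database and its security group as an added example, not the original post's code. It assumes the resource names aws_vpc.main and aws_db_subnet_group.main from earlier in main.tf; the identifier, database name and instance class are assumptions. The ingress rule is the VPC-wide one the text describes, with the tighter security-group-to-security-group form shown in a comment. The master password is generated and stored in AWS Secrets Manager by RDS (manage_master_user_password), so no password appears in main.tf or in the Terraform state file.

```hcl
resource "aws_security_group" "db" {
  name        = "terraform-db-sg" # assumed
  description = "Postgres from inside the VPC only"
  vpc_id      = aws_vpc.main.id

  ingress {
    description = "Postgres from the VPC"
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
    # Tighter: replace cidr_blocks with
    #   security_groups = [aws_security_group.web.id]
    # so only the web instance's security group can open connections.
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1" # all protocols
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_db_instance" "main" {
  identifier     = "terraform-postgres" # assumed
  engine         = "postgres"
  instance_class = "db.t3.micro"        # assumed; smallest current-generation class

  allocated_storage     = 20  # RDS minimum for Postgres on gp2/gp3
  max_allocated_storage = 100 # storage autoscaling ceiling
  storage_encrypted     = true

  db_name  = "app" # assumed
  username = "app" # assumed
  # RDS generates the password and keeps it in Secrets Manager;
  # it never appears in this file or in terraform.tfstate.
  manage_master_user_password = true

  db_subnet_group_name   = aws_db_subnet_group.main.name
  vpc_security_group_ids = [aws_security_group.db.id]
  publicly_accessible    = false # reachable only from inside the VPC

  # Acceptable for a throwaway tutorial database; for real data set this to
  # false and give final_snapshot_identifier so terraform destroy keeps a copy.
  skip_final_snapshot = true
}
```

After apply, the endpoint is available as aws_db_instance.main.address and the Secrets Manager secret holding the password as aws_db_instance.main.master_user_secret, which is what an application on the EC2 instance would read instead of a hard-coded value.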
Now we can use Terraform to deploy our changes.
terraform apply
If you open up the RDS service in your AWS console you’ll see the new database which will be up and running in a couple of minutes.
Deploying an EC2 instance
We need to define the EC2 instance and a Security Group. We also need to specify the Amazon Machine Image (AMI) that we want to run on the instance, and we will choose Ubuntu.
The instance type determines the CPU, memory and network capacity of the instance; disk is a separate EBS volume. We will choose a t2.micro instance, which is in the free tier.
We need an AWS Key Pair which we will use to control SSH access to the instance. Create a new key pair in the AWS console (EC2, Key Pairs) named my-aws-key; the console downloads the private half as my-aws-key.pem. Keep that file outside your project folder, run chmod 400 on it, and never commit it: anyone holding it can log in to the instance.
Add the following code to main.tf:
We also need to choose the Machine Image. Add this data block to main.tf which will search for the latest Ubuntu image. Always set the owners of the image to Canonical's account ID (099720109477) in the lookup; filtering by name alone would let any public AMI with a similar name, published by anyone, be selected.
Finally let's specify a new Security Group for the EC2 instance which will allow normal web traffic (ports 80 and 443) and also let us SSH into the instance. Open port 22 only to your own public IP address, not to 0.0.0.0/0; a world-reachable SSH port is scanned and brute-forced within minutes of coming up.
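The AMI lookup, security group and instance from the steps above, as an added example rather than the original post's code. It assumes the names aws_vpc.main and aws_subnet.private[0] for the VPC and first subnet, a key pair named my-aws-key, and an admin_cidr variable holding your own public IP; the Ubuntu release (22.04) and the tag names are assumptions as well. The instance requires IMDSv2 so that a server-side request forgery bug in the web application cannot trivially read the instance's temporary credentials from the metadata service.

```hcl
# Latest Ubuntu 22.04 AMI published by Canonical. The owners filter is what
# prevents a lookalike AMI from another account being chosen.
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}

# Your own public IP in CIDR form, e.g. 203.0.113.10/32. Supplied at apply time
# (TF_VAR_admin_cidr=... terraform apply); never set it to 0.0.0.0/0.
variable "admin_cidr" {
  type        = string
  description = "CIDR allowed to SSH to the web instance"
}

resource "aws_security_group" "web" {
  name        = "terraform-web-sg" # assumed
  description = "HTTP/HTTPS from anywhere, SSH from the admin address only"
  vpc_id      = aws_vpc.main.id

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTPS"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "SSH from the admin address"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "web" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.private[0].id # assumed subnet resource name
  vpc_security_group_ids = [aws_security_group.web.id]
  key_name               = "my-aws-key" # the key pair created in the console

  associate_public_ip_address = true

  # IMDSv2 only: credentials from the metadata service need a session token,
  # which a plain GET issued through an SSRF bug cannot obtain.
  metadata_options {
    http_tokens = "required"
  }

  root_block_device {
    encrypted = true
  }

  tags = {
    Name = "terraform-web" # assumed
  }
}
```

One check before relying on ports 80 and 443: nothing in this guide creates an internet gateway or a public route. Until the subnet has an aws_internet_gateway attached to the VPC and a route table with a 0.0.0.0/0 route through it, the instance gets a public IP but is not reachable from the internet, and cannot reach package mirrors either.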
Finishing Up
When you no longer need your resources you can delete them all by running the destroy command from your terminal. This removes the RDS database as well, so take a snapshot first if you want to keep the data, and make sure any access keys created only for this guide are deleted in IAM afterwards.
terraform destroy