Once again I came into a pleasure to create some AWS infrastructure. And while I’ve had to remember some of the steps, I’ve written them down this time for everyone… This article is about getting started with Hashicorp’s Terraform and AWS resources. If you interested in Google Cloud, please read Terraforming GCP

So what do we need to start…

Terraform binary

Of course, you need terraform binary. Download Terraform from https://www.terraform.io/downloads.html and put it in the PATH Environment variable of your system.

For most Linux distributions the following commands will do the whole job:

#Linux example.
#1) download
wget https://releases.hashicorp.com/terraform/0.12.0/terraform_0.12.0_linux_amd64.zip
#2) Unzip
unzip terraform_0.12.0_linux_amd64.zip
#3) Install
sudo mv terrafrom /usr/bin/

Probably there is a newer terraform version around when you read this article. Take newest.

Initial configuration

There is no further configuration needed for terraform binary itself. So when you have a binary on your system you just can start work with it, for example by checking the version of it.

terraform -v

or getting some help over basic commands.

terraform help

I would say the rest of the configuration is project-specific, not terraform-specific.

Getting AWS credentials

Here we’re looking on Amazon Cloud project, so first of all make sure you have an AWS Account and access to it with enough rights to provide needed resources.

Then you have to tell terraform to use credentials of the AWS user to access our AWS account.

AWS credentials

I believe the most convenient way to do so is using shared credentials file

In the case of Linux, terraform will check the existence of ~/.aws/credentials configuration first. In fact, this is the configuration file used by awscli (AWS console client).

You can create this file by installing awscli and configuring it like:

#install it
pip3 install awscli --upgrade --user
#configure it
aws configure
AWS Access Key ID [None]: XXXXXXXXXXXXXXXXEXAMPLE
AWS Secret Access Key [None]: YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYEXAMPLEKEY
Default region name [None]: eu-central-1
Default output format [None]: json

I do recommend this way, but if you like you can create ~/.aws/credentials manually and fill it like this:

cat ~/.aws/credentials
[default]
aws_access_key_id = XXXXXXXXXXXXXXXXEXAMPLE
aws_secret_access_key = YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYEXAMPLEKEY

exchange with your keys of course and it will work as well.

Terraform AWS config

Now there is a minimum of config in your terraform project needed. Terraform needs to know that aws provider will be used. The only needed parameter is the default region in this case.

provider "aws" {
  region     = "eu-central-1"
}

AWS regions list to help you find the right one.

Well, that’s all for a minimal start. You can start provisioning desired resources. I will not cover this broad topic in this article, please leave a comment if you like to see some information about it too.

Improvement: Remote state in AWS

Of course, you can start and manage state of your AWS resources somehow locally or by committing it into git. But in my opinion, there is no reason not to start with remote state management. Especially if you plan to share your work or work as a team. Just do it from the beginning.

And also that this is relatively simple configuration task in terraforming.

terraform {
  backend "s3" {
    bucket = "terraform"
    key    = "infra-baseline"
    region = "eu-central-1"
  }
}

Above you see AWS S3 Bucket selected as remote state location to keep the terraform state. AWS S3 Bucket name is terraform and infrabaseline is a folder in that bucket.

Take a look on documentation for details

==Make sure this bucket exists in advance for this configuration==

Initialization

Now we are ready to create AWS resources. Let’s check if terraform can init the provided configuration:

terraform init

If triggered for the first time it should download missing modules (AWS provider in our case) and you should see something like:

Initializing the backend...

Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "aws" (terraform-providers/aws) 2.12.0...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.aws: version = "~> 2.12"

Terraform has been successfully initialized!
...

Now you are really ready to go! So simple it was.


Might be interesting as well: 2017: Some notes on terrafoming of AWS and article on Terraforming of GCP