How to use Terraform to provision EC2 on AWS

Infrastructure management has changed a lot over the years. Historically, your traditional systems administrator would manage a rack full of servers. In a lot of cases, the initial setup would require manual intervention at the console.

That has changed. Using tools like Terraform, Ansible and other configuration-management tools, you can now provision infrastructure automatically with the click of a button or by running a script.

In this article, we will see how to use Terraform to provision infrastructure on AWS.

Terraform is a command-line tool for building, changing, and versioning infrastructure; it supports popular cloud providers including Amazon AWS. Configuration files describe the infrastructure components needed to run a single application, for example an EC2 instance with an attached EBS volume.

Terraform generates an execution plan describing what it will do to reach the desired state, then executes it to build the described infrastructure. As the configuration changes, Terraform determines what has changed and creates incremental execution plans that can be applied. The actual state of the AWS resources managed by Terraform is stored in a terraform.tfstate file that is created after the first run of Terraform; because this file records resource attributes, some of which can be sensitive, it should be protected like any other secret-bearing file.

Key Features of Terraform

  • Infrastructure as code: Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used.
  • Execution plans: Terraform has a “planning” step where it generates an execution plan. The execution plan shows what Terraform will do when you call apply. This lets you avoid any surprises when Terraform manipulates infrastructure.
  • Resource graph: Terraform builds a graph of all your resources so that it can create or modify non-dependent resources in parallel. Because of this, Terraform builds infrastructure as efficiently as possible, and operators get insight into the dependencies in their infrastructure.
  • Change automation: Complex changesets can be applied to your infrastructure with minimal human interaction. With the previously mentioned execution plan and resource graph, you know exactly what Terraform will change and in what order, avoiding many possible human errors.


EC2 stands for Elastic Compute Cloud, the service that provides scalable computing capacity in the Amazon Web Services (AWS) cloud. Using EC2, you can launch virtual servers, set up networking and security for them, and attach storage, public IP addresses, or associated domain names. EC2 lets you scale computing resources up or down as requirements change or popularity spikes, reducing your need to forecast traffic.

When you launch an instance, you associate it with one or more security groups: virtual firewalls enforcing a set of rules that control the traffic to and from instances. An AMI (Amazon Machine Image) is a template that contains a software configuration, including an operating system and packages. Using an AMI, you can launch an instance that contains a copy of the AMI running as a virtual server in the AWS cloud.

Locations for running EC2 instances are composed of regions and availability zones. Each region is a separate geographic area, and each region has multiple isolated locations known as Availability Zones. Amazon EC2 lets you place resources, such as instances and data, in multiple locations.

EBS (Elastic Block Store) provides block-level storage volumes for use with EC2 instances. You can create highly reliable EBS volumes and attach them to any running instance in the same Availability Zone. EBS volumes attached to an EC2 instance are exposed as storage volumes that persist independently of the life of the instance.

On-demand EC2 instances let you pay by the hour with no long-term commitments. Price varies considerably based on instance type and attached storage. Internet traffic, public IP addresses, load balancing, and detailed monitoring are paid for separately. There are options to reduce costs through upfront payments such as instance reservations.

Install Terraform

Download the binary package for your OS from the Terraform download page.

Unzip the .zip file into a directory on your PATH, as appropriate for your OS (the archive name below is a placeholder for the file you downloaded):

# unzip -d /usr/local/bin terraform_<version>_<os>_<arch>.zip

Run terraform to confirm that the command is available.

Writing Configuration File

Make a terraform directory in which we will keep our files. The name of this directory can be anything you want.

# mkdir ~/terraform

# cd ~/terraform

Create an example file to launch an instance on AWS. The file can be written in JSON format or in the native *.tf format. Let's use the .tf format.

# vi


aws_instance is the TYPE of resource to be created; in this example it is an AWS EC2 instance.

myweb is the NAME of the resource, which makes it addressable within the Terraform configuration file.

Define Security Group rules

Next, we want to tell Terraform to create a Security Group within AWS EC2 and populate it with rules that allow traffic on specific ports. For the purposes of this article, we'll use the scenario of one web server listening on TCP ports 80 (HTTP) and 22 (SSH). We also want to make sure the instance can connect outbound on any port, so we include an egress section as well.

Note: Replace access_key, secret_key and the other AWS parameters with your own values. Keep in mind that keys hardcoded in a .tf file end up in version control along with it; the AWS provider can also read credentials from environment variables or the shared credentials file, which avoids that.
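The article does not reproduce the file opened with vi above, so the following is an added example configuration for the scenario it describes, not the author's own file: the AWS provider, a security group allowing TCP 80 from anywhere and TCP 22 only from an administrator range, the aws_instance named myweb, and an attached EBS volume. Everything concrete in it is an assumption to replace: the region us-east-1, the AMI placeholder, the 203.0.113.0/24 admin range (an RFC 5737 documentation network), the t3.micro type and the volume sizes. Instead of placing access_key and secret_key in the file, it lets the provider read credentials from the environment or ~/.aws/credentials.

```hcl
# Added example main.tf for the article's scenario (not the author's file).
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# Credentials are deliberately not hardcoded: the provider reads them from
# AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY, ~/.aws/credentials, or an IAM role.
provider "aws" {
  region = var.region
}

variable "region" {
  type    = string
  default = "us-east-1" # assumed; change to your region
}

variable "ami_id" {
  type    = string
  default = "ami-PLACEHOLDER" # placeholder; AMI IDs are region-specific
}

variable "admin_cidr" {
  type    = string
  default = "203.0.113.0/24" # constructed documentation range; use your own address
}

# Security group: HTTP open to the world, SSH limited to administrators,
# unrestricted egress as the article's scenario requires.
resource "aws_security_group" "myweb_sg" {
  name        = "myweb-sg"
  description = "Web server: HTTP from anywhere, SSH from admin_cidr only"

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "SSH from administrators only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1" # all protocols, all ports
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# TYPE aws_instance, NAME myweb: referenced elsewhere as aws_instance.myweb.
resource "aws_instance" "myweb" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  vpc_security_group_ids = [aws_security_group.myweb_sg.id]

  # Uncomment to run shared/user-data.txt at first boot (installs your SSH key).
  # user_data = file("${path.module}/shared/user-data.txt")

  root_block_device {
    volume_size = 8
    encrypted   = true
  }

  tags = {
    Name = "myweb"
  }
}

# Extra EBS volume; it must live in the same Availability Zone as the instance.
resource "aws_ebs_volume" "myweb_data" {
  availability_zone = aws_instance.myweb.availability_zone
  size              = 10
  encrypted         = true
}

resource "aws_volume_attachment" "myweb_data" {
  device_name = "/dev/sdf"
  volume_id   = aws_ebs_volume.myweb_data.id
  instance_id = aws_instance.myweb.id
}

output "public_ip" {
  value = aws_instance.myweb.public_ip
}
```

Save this as main.tf in the ~/terraform directory and run terraform init once so the provider is downloaded, then continue with terraform plan and terraform apply as described below. Because the instance references the security group's ID and the volume references the instance's Availability Zone, Terraform's resource graph orders their creation correctly without any explicit sequencing.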

Now run terraform plan to see what Terraform will do when the above file is applied.

# terraform plan

Now run terraform apply to create the resources described in the file.

# terraform apply

Now check AWS: the instance has been launched. This is the power of Terraform: with a single command you can build the entire infrastructure.

To add your SSH key to the instance and access it via SSH:

  • Uncomment the user_data parameter in the Terraform config.
  • Replace the example SSH key in the shared/user-data.txt file with your own public SSH key:
# cat shared/user-data.txt
#!/bin/bash
# Runs as root at first boot via cloud-init and installs the public key for ec2-user.
mkdir -p /home/ec2-user/.ssh
cat <<FILE > /home/ec2-user/.ssh/authorized_keys
ssh-rsa <<Key value>> EXAMPLE user@host
FILE
chown -R ec2-user:ec2-user /home/ec2-user/.ssh
chmod 700 /home/ec2-user/.ssh
chmod 400 /home/ec2-user/.ssh/authorized_keys

Apply the configuration changes.

  • Log in to the newly created EC2 instance via SSH.
  • Run terraform destroy to delete the AWS resources that were created during this workshop.