Provisioning an EC2 Instance with Terraform: A Step-by-Step Guide
Terraform is a powerful Infrastructure as Code (IaC) tool that simplifies the process of provisioning and managing cloud resources. In this blog, we’ll walk you through how to create an Amazon EC2 instance with a security group using Terraform. This is an essential use case for anyone diving into Terraform, especially for those managing AWS infrastructure.
Objective
We will:
- Create a simple EC2 instance on AWS using Terraform.
- Configure a security group to allow SSH (port 22) access from your public IP.
Prerequisites
To follow along, ensure you have the following:
- AWS CLI: Installed and configured with your AWS account credentials.
- Terraform: Installed on your local machine.
- A public IP address: You can find your public IP by visiting whatismyip.com.
Step 1: Setting Up the Terraform Configuration File
Create a working directory for your Terraform project. Inside this directory, create a file named main.tf.
Here’s the code to get started:
provider "aws" {
  region = "us-east-1"
}

# Dedicated VPC for this example
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}

# Subnet whose instances receive a public IP at launch.
# Note: no internet gateway or route table is defined in this file, so
# inbound SSH from the internet also depends on adding those to the VPC.
resource "aws_subnet" "main" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true
}

resource "aws_security_group" "allow_ssh" {
  name        = "allow_ssh"
  description = "Allow SSH inbound traffic"
  vpc_id      = aws_vpc.main.id

  # Inbound: SSH from a single address only
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["YOUR_PUBLIC_IP/32"] # Replace with your public IP
  }

  # Outbound: all protocols and ports to any destination
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "web" {
  ami                         = "ami-0c02fb55956c7d316" # Amazon Linux 2 AMI (update as needed)
  instance_type               = "t2.micro"
  subnet_id                   = aws_subnet.main.id
  vpc_security_group_ids      = [aws_security_group.allow_ssh.id] # Attach the security group by ID
  associate_public_ip_address = true

  tags = {
    Name = "Terraform-EC2"
  }
}
Key Points in the Code:
- Provider Block: Specifies AWS as the cloud provider and the region (us-east-1).
- VPC and Subnet: Creates a virtual private cloud (VPC) and a public subnet.
- Security Group: Allows SSH traffic (port 22) only from your specified public IP.
- EC2 Instance: Provisions a t2.micro EC2 instance and attaches the security group using its ID (vpc_security_group_ids).
Step 2: Initialize Terraform
Run the following command to initialize Terraform in your project directory:
terraform init
This command downloads the AWS provider plugin and prepares your working directory.
Step 3: Validate the Configuration
Before applying changes, validate the Terraform configuration to ensure there are no syntax errors:
terraform validate
If there are no errors, proceed to the next step.
Step 4: Plan the Changes
Generate an execution plan to review the resources Terraform will create:
terraform plan
This will show a detailed list of actions Terraform intends to take.
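The plan can also be checked automatically for the SSH rule this guide sets up. The following is an added example, not part of the original guide: it assumes the plan was saved with terraform plan -out=tfplan and exported with terraform show -json tfplan, and it only inspects inline ingress blocks like the one above. The function names, the MAX_HOSTS threshold and the sample plan are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: a trimmed `terraform show -json tfplan` document with one
# SSH rule scoped to a single host and one rule open to the whole internet.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "aws_security_group.allow_ssh", "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {"ingress": [
             {"from_port": 22, "to_port": 22, "protocol": "tcp",
              "cidr_blocks": ["203.0.113.10/32"]}]}}},
        {"address": "aws_security_group.too_open", "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {"ingress": [
             {"from_port": 0, "to_port": 0, "protocol": "-1",
              "cidr_blocks": ["0.0.0.0/0"]}]}}},
        {"address": "aws_instance.web", "type": "aws_instance",
         "change": {"actions": ["create"], "after": {"instance_type": "t2.micro"}}},
    ]
})

MAX_HOSTS = 1  # assumption: SSH is limited to a single /32, as in the guide


def covers_ssh(rule):
    """True if the ingress rule permits TCP port 22."""
    if rule.get("protocol") == "-1":  # "-1" means all protocols and ports
        return True
    return rule.get("protocol") == "tcp" and rule["from_port"] <= 22 <= rule["to_port"]


def find_broad_ssh_rules(plan_json):
    """Return (address, cidr) pairs where SSH is open to more than MAX_HOSTS addresses."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc["type"] != "aws_security_group":
            continue
        after = rc["change"].get("after") or {}  # "after" is null for deletions
        for rule in after.get("ingress") or []:
            if not covers_ssh(rule):
                continue
            cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            for cidr in cidrs:
                if ipaddress.ip_network(cidr, strict=False).num_addresses > MAX_HOSTS:
                    findings.append((rc["address"], cidr))
    return findings


if __name__ == "__main__":
    for address, cidr in find_broad_ssh_rules(SAMPLE_PLAN):
        print(f"{address}: SSH reachable from {cidr}")
```

An empty result means every planned SSH rule is scoped to a single address; any finding is a reason to stop before running terraform apply.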
Step 5: Apply the Configuration
Run the following command to create the resources:
terraform apply
Terraform will prompt for confirmation. Type yes to proceed. Once the process completes, your EC2 instance and associated resources will be created.
Step 6: Verify the Resources
- Log in to your AWS Management Console.
- Navigate to EC2 > Instances to see your newly created instance.
- Check the Security Groups to verify the SSH rule.
Cleanup: Destroy the Resources
To avoid unnecessary costs, destroy the resources when you’re done:
terraform destroy
This will remove all resources provisioned by your Terraform configuration.
Conclusion
In this blog, you’ve learned how to:
- Create an EC2 instance using Terraform.
- Configure a security group to allow SSH access.
This hands-on exercise is a great starting point for understanding how Terraform manages AWS resources. Once you’re comfortable with the basics, you can explore more advanced Terraform concepts, like modules, remote backends, and multi-cloud setups.
Happy Terraforming!