Intro

In a previous post I showed you how to get your Terraform Cloud environment up and running. In this post, I will show you how to set up Terraform Cloud to deploy infrastructure resources in your AWS environment. This post builds on the last post and re-uses the Workspace created during that post. Be sure to check it out if you have not already.

Software Versions

The following software versions were used in this post.

  • Ubuntu - 22.04.1 LTS
  • Terraform CLI - 1.3.7

AWS

In order to access your AWS environment from Terraform Cloud, you will need to create some API access keys. The process to create API keys is outlined in the AWS docs here.
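
The access keys carry every permission of the IAM user they belong to, and Terraform Cloud holds them for as long as the variable set exists. As an added example (not from the original post), this separate Terraform configuration, applied from an administrative session rather than with the Terraform Cloud keys, limits a hypothetical IAM user `terraform-cloud-testing` to the single test bucket created later in this post; the user name, policy name and action list are assumptions.

```hcl
# Added example, not part of the original post.
# Keep this in its own configuration and apply it with administrative
# credentials; the keys stored in Terraform Cloud should not be able to
# edit their own permissions.

variable "tfc_user_name" {
  description = "Hypothetical, already existing IAM user whose access keys are stored in Terraform Cloud"
  type        = string
  default     = "terraform-cloud-testing"
}

locals {
  # Bucket name taken from resources.tf later in this post.
  test_bucket_arn = "arn:aws:s3:::my-tf-test-bucket-2384103847123487"
}

data "aws_iam_policy_document" "tfc_s3_test" {
  statement {
    sid    = "ManageTestBucketOnly"
    effect = "Allow"

    # Assumed action set for aws_s3_bucket + aws_s3_bucket_acl:
    # create/delete, tagging, ACL writes, and the read calls the provider
    # makes when refreshing state. Widen only if a plan reports AccessDenied.
    actions = [
      "s3:CreateBucket",
      "s3:DeleteBucket",
      "s3:PutBucketTagging",
      "s3:PutBucketAcl",
      "s3:Get*",
      "s3:List*",
    ]

    # Bucket-level ARN only: no object access, no other buckets.
    resources = [local.test_bucket_arn]
  }
}

# Inline policy on the user, so it is removed together with the user.
resource "aws_iam_user_policy" "tfc_s3_test" {
  name   = "tfc-s3-test-bucket"
  user   = var.tfc_user_name
  policy = data.aws_iam_policy_document.tfc_s3_test.json
}
```

With this policy attached, a leaked or misused key can touch only the one test bucket and cannot read or write objects in it.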

Terraform Cloud

Once you have your AWS access keys, it's time to set up your Terraform Cloud environment.

Variable Set

You need to create a Variable Set in Terraform Cloud to allow it to access your AWS environment.

To configure the Variable Set, browse to:

I named my variable set AWS, but you can call it whatever you want.

You can apply the variable set to all workspaces or select specific ones. I applied mine to the testing workspace from the previous post.

Click on Add variable, and select the Environment variable radio button. Now create the following variables.

Key                    Value                    Sensitive
AWS_ACCESS_KEY_ID      <AWS_ACCESS_KEY_ID>      true
AWS_SECRET_ACCESS_KEY  <AWS_SECRET_ACCESS_KEY>  true

Finally, click on Create variable set to save the variable set.

Terraform Code

We already have the backend.tf file from the previous post which links our local environment to Terraform Cloud.

backend.tf
terraform {
  cloud {
    organization = "<ORGANIZATION>"

    workspaces {
      name = "testing"
    }
  }
}

Create a provider.tf file that defines the parameters for connecting to our AWS environment with the following contents.

provider.tf
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

# Configure the AWS Provider
provider "aws" {
  region = "us-east-1"
}

Now, let's create a resources.tf file that will define the resources to build in AWS. As a simple test, we will create an S3 bucket.

resources.tf
resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket-2384103847123487"

  tags = {
    Name        = "My bucket"
    Environment = "Dev"
  }
}

resource "aws_s3_bucket_acl" "example" {
  bucket = aws_s3_bucket.b.id
  acl    = "private"
}

That's all of the code for now. Let's move on to testing.

Terraform Plan

Let's see if our Terraform Cloud environment can connect to our AWS environment by running the terraform plan command.

cmd
terraform plan

# Output
Running plan in Terraform Cloud. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.

<SNIP>

Terraform v1.3.7
on linux_amd64
Initializing plugins and modules...

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

<SNIP>

  # aws_s3_bucket_acl.example will be created
  + resource "aws_s3_bucket_acl" "example" {
      + acl    = "private"
      + bucket = (known after apply)
      + id     = (known after apply)

      + access_control_policy {
          + grant {
              + permission = (known after apply)

              + grantee {
                  + display_name  = (known after apply)
                  + email_address = (known after apply)
                  + id            = (known after apply)
                  + type          = (known after apply)
                  + uri           = (known after apply)
                }
            }

          + owner {
              + display_name = (known after apply)
              + id           = (known after apply)
            }
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy

Awesome, we can see that Terraform Cloud can connect to our AWS environment and will create the S3 bucket.

Terraform Apply

Ok, let's apply the changes with the terraform apply command.

cmd
terraform apply -auto-approve
  
# Output
<SNIP>

Plan: 2 to add, 0 to change, 0 to destroy.

aws_s3_bucket.b: Creation complete after 1s [id=my-tf-test-bucket-2384103847123487]
aws_s3_bucket_acl.example: Creating...
aws_s3_bucket_acl.example: Creation complete after 0s [id=my-tf-test-bucket-2384103847123487,private]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Excellent, our S3 bucket was created so we have confirmed that our Terraform Cloud environment can deploy resources to our AWS environment.

Terraform Destroy

As a final step, let's clean up our AWS environment by deleting the S3 bucket with the terraform destroy command.

cmd
terraform destroy -auto-approve
  
# Output
<SNIP>

Plan: 0 to add, 0 to change, 2 to destroy.

aws_s3_bucket_acl.example: Destruction complete after 0s
aws_s3_bucket.b: Destroying... [id=my-tf-test-bucket-2384103847123487]
aws_s3_bucket.b: Destruction complete after 0s

Apply complete! Resources: 0 added, 0 changed, 2 destroyed.

And that's it, we are all cleaned up.

Outro

In this post, I showed you how to connect your Terraform Cloud environment to your AWS environment, and how to create and destroy AWS resources from Terraform Cloud.

Until next time ✌️