AWS — Infrastructure as Code Tutorial — Step 1.2 — Terraform

Note: all steps are in the GitHub repository

From HashiCorp:

“Terraform allows operators to use HCL to author files containing definitions of their desired resources on almost any provider (AWS, GCP, GitHub, Docker, etc) and automates the creation of those resources at the time of apply.”

In case you have not yet installed Terraform, please check installation section.

Getting started

I am putting Terraform binary one level up from the project folder. My projects (folders) are in terraform-projects folder. My first project is going to be located in folder vpc. Terraform binary is in terraform-projects folder.

I created file in vpc folder

Here is structure


Some rules about Terrafom language (HCL) syntax and files. (See more, following this link)


Here is our first configuration — (with errors — again)

Let us understand what is here:

Let us compare CloudFormation Template and Terraform Configuration file

Section Resources in CloudFormation template -> resource in Terraform

Resource AWS::EC2::VPC -> aws_vpc

Preparing Terraform

Terrarorm is a universal tool, so we need to let Terraform know, what and where we are going to deploy our resources.

>../terraform init


How did Terraform detect we were deploying to AWS?

You know the answer , right? It is the “aws_vpc” in the block.

Strictly saying, we need to explicitly state provider, but we will talk about that later.

This is what happened:

Moving on …

Remember from CloudFormation chapter, that it is good idea to validate the template? Terraform has a validate command:

>../terraform validate

Hm, well, it is ok — we can add a region, but what about VPC CidrBlock — we know it is wrong, as it is must be between /16 and /28.

Well, actually, there is another command that does that:

>../terraform plan

Let us correct typo, and rerun ../terraform plan

The screenshot continues:

The command not only does the validation on incorrect values, but also asks you to input missing values.

Recommendation: Always use both commands for validation

terraform validate

terraform plan

In addition, terraform plan can generate plan file, which can be used in apply switch.

Note from HashiCorp:

Security Warning

Saved plan files (with the -out flag) encode the configuration, state, diff, and variables. Variables are often used to store secrets. Therefore, the plan file can potentially store secrets.

Running “terraform apply”

>../terraform apply

Enter region name and answer “yes”:

Validating resource creation — “terraform show”

>../terraform show

Deleting resource — terraform destroy

>../terraform destroy


We have learnt:



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store