Deploy Resources with Terraform



In this tutorial, you’ll learn how to use infrastructure as code to deploy resources in AWS using Terraform. With Terraform you can:

  • Express infrastructure as code
  • Execute a plan, which shows the desired state in a human-readable format
  • Update resources via code changes
  • Destroy infrastructure


To get started, you need to install Terraform locally:

  • Download the appropriate package for your local operating system.
  • Terraform is distributed as a single binary. Install Terraform by unzipping it and moving it to a directory included in your system’s PATH.
  • Verify the installation. After installing Terraform, open a new terminal session and check that terraform is available. Executing terraform with no arguments should print its help output.

If the response includes “command not found”, check the installation and PATH as noted above.

Scenario Description

In this tutorial, you will provision an EC2 instance and S3 Bucket via Terraform on accounts created via Control Tower.

Adding Credentials

To configure Terraform for AWS, we need to add the AWS provider and provide credentials. Credentials can be added in a variety of ways, but for this exercise we will use the environment variables approach.

Warning: Terraform allows static credentials to be added to the code, but this is not recommended because it risks secret leakage. Never hard-code your credentials in your Terraform files.

You can retrieve temporary credentials from the SSO Portal by choosing Command line or programmatic access.


  • Copy the commands and paste them into a terminal window.
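
A pre-flight check for the warning above, as an added example that is not part of the original tutorial: it confirms the credential variables are present in the environment and scans a Terraform directory for hard-coded provider credentials. The function names and sample files are constructed for illustration, the three variable names are assumed to be the ones the SSO Portal commands export, and the access key shown is AWS's documented example value.

```sh
#!/bin/sh
# Added example: pre-flight credential checks before terraform plan/apply.

# Succeeds only if all three variables from the SSO portal are set.
# AWS_SESSION_TOKEN is what marks the credentials as temporary.
check_env_credentials() {
  rc=0
  for name in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || { echo "missing: $name" >&2; rc=1; }
  done
  return $rc
}

# Reports file:line of static credentials in *.tf / *.tfvars under $1.
# Prints locations only, never the value; returns 1 if anything is found.
scan_static_credentials() {
  hits=$(find "${1:-.}" -type f \( -name '*.tf' -o -name '*.tfvars' \) \
    ! -path '*/.terraform/*' -exec grep -nE \
    -e '^[[:space:]]*(access_key|secret_key|token)[[:space:]]*=[[:space:]]*"[^"$]+"' \
    -e '(AKIA|ASIA)[A-Z0-9]{16}' /dev/null {} + | cut -d: -f1,2)
  [ -n "$hits" ] || return 0
  echo "$hits" | sed 's/^/static credential at /'
  return 1
}

# Constructed sample input: one provider block per directory.
write_samples() {
  mkdir -p "$1/bad" "$1/good"
  cat > "$1/bad/main.tf" <<'EOF'
provider "aws" {
  region     = "us-east-1"
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "constructed-placeholder-not-a-real-secret"
}
EOF
  cat > "$1/good/main.tf" <<'EOF'
provider "aws" {
  region = "us-east-1" # credentials are read from the environment
}
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
scan_static_credentials "$demo_dir/bad" || echo "bad/: fix before running terraform"
scan_static_credentials "$demo_dir/good" && echo "good/: no static credentials"
rm -rf "$demo_dir"
```

In the tutorial directory, `check_env_credentials && scan_static_credentials .` can be run before terraform plan so that a missing session token or a committed key stops the run early.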

Create Terraform files

Create a local directory where Terraform can be executed. Open a terminal window and type the following commands:

Download the zip file from WorkDocs and extract the files to the directory you created in the previous step. Your directory should now contain the following:

Initialize Terraform

Terraform uses a plug-in based architecture to support a variety of providers. The terraform init command automatically downloads and installs any provider referenced in the Terraform code. In this case we will be using the AWS provider.

Execute a terraform init command and similar output can be expected.


Terraform Plan

terraform plan is optional but allows you to see your changes before they occur. This is useful to see how your infrastructure will change prior to executing the change. You should see something similar when executing terraform plan although please note the output has been truncated to save space.


Terraform Apply

To apply the infrastructure changes noted in the plan, execute a terraform apply. Terraform will advise what will be executed, and the output should be similar to what was returned in the plan. As this will execute the changes returned, you will be prompted to confirm (type “yes” and hit enter to execute the change).


Terraform will execute the changes and, if successful, you should see something similar to the following:


Terraform Destroy

In some circumstances you may want to simply delete the infrastructure you created, which can be accomplished with a terraform destroy command. Please note: as this deletes all resources, you may want to first log in to the account to view the bucket and instance before executing this.

Execute a terraform destroy and, as with the apply command, you will be prompted to confirm the plan it presents. You should see something similar to the following, which has been truncated to save space.


Congrats, you have successfully deployed and deleted infrastructure in AWS using Terraform.


Getting Help

The Terraform CLI has a built-in help function. If at any point during this guide you are unsure of how to proceed, consider using the -help flag with any terraform command. For example


Source Code