Mitchell Lyon

Understanding Terraform: Building an AWS EC2 Instance Step-by-Step

Terraform is one of the most powerful Infrastructure as Code (IaC) tools available today. It allows engineers to define, provision, and manage infrastructure using configuration files — ensuring deployments are repeatable, consistent, and version-controlled.

In this article, we’ll go through a simple example where we use Terraform to create an EC2 instance in AWS. We’ll break it down section by section, showing what each part does and why it’s important.

1. Provider Configuration

provider "aws" {
  region = "us-east-1"
}

Every Terraform configuration starts with a provider block.
A provider tells Terraform which platform to interact with — in this case, AWS.

The region parameter defines where in the world your infrastructure will be deployed (for example, us-east-1 is North Virginia). Terraform uses this to make API calls to AWS and manage resources there.

If you were working with Azure, GCP, or even multiple clouds, each one would have its own provider block.

2. SSH Key Pair

resource "aws_key_pair" "my_key" {
  key_name   = "my_key"
  public_key = file("~/.ssh/id_rsa.pub")
}

Before we can connect to an EC2 instance, AWS needs to know which SSH key we’ll use for authentication.
This block creates an AWS key pair named my_key using your existing public key (from your local machine’s ~/.ssh/id_rsa.pub).

Terraform uploads that public key to AWS so that when your instance launches, it already knows to trust your private key — meaning you can log in securely without a password.

3. Security Group

resource "aws_security_group" "allow_ssh" {
  name        = "allow_ssh"
  description = "Allow SSH inbound traffic"

  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Security groups in AWS act like virtual firewalls.
This resource defines who can connect to your instance and what kind of traffic is allowed.

  • The ingress block allows inbound connections on port 22 (SSH), from any IP address (0.0.0.0/0).
    This means anyone on the internet can attempt to SSH into your instance — fine for testing, but not recommended for production.
  • The egress block allows all outbound traffic to any destination.

If you wanted to make this more secure, you could restrict SSH access to your specific IP address range.

4. EC2 Instance

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1f0" # Amazon Linux 2
  instance_type = "t2.micro"
  key_name      = aws_key_pair.my_key.key_name
  security_groups = [aws_security_group.allow_ssh.name]

  tags = {
    Name = "TerraformExample"
  }
}

Here’s where we define the actual virtual machine.

Let’s break down each line:

  • AMI: The Amazon Machine Image (AMI) defines what operating system your instance uses. This example uses Amazon Linux 2, but AMI IDs vary by region.
  • Instance Type: t2.micro is a small, cost-effective instance — perfect for testing or personal projects.
  • Key Pair: This connects the EC2 instance with the SSH key pair you created earlier, allowing secure logins.
  • Security Group: This attaches the security group that allows SSH access.
  • Tags: Tags are labels that help you identify resources in the AWS Console. Here, the instance will appear as “TerraformExample.”

Once you apply this configuration, Terraform will create a running EC2 instance that you can SSH into using your private key.

Putting It All Together

Terraform follows a simple workflow:

  1. Write your configuration files (.tf) describing what you want to build.
  2. Initialize your workspace with terraform init to download provider plugins.
  3. Plan your deployment using terraform plan to preview what will be created.
  4. Apply your configuration using terraform apply to build the infrastructure.

Terraform keeps track of everything it creates in a state file, which allows it to update, modify, or destroy infrastructure later with precision.

Final Thoughts

This example only scratches the surface of what Terraform can do. In a few lines of code, we’ve:

  • Connected to AWS
  • Created a secure key pair
  • Built a security group
  • Launched an EC2 instance

As you expand, you can add load balancers, databases, networking configurations, and even entire multi-cloud environments — all managed consistently through Terraform.

By defining infrastructure as code, you remove the guesswork, reduce errors, and make your environments reliable, repeatable, and version-controlled.

If you’d like to try this yourself, download the example text file and follow these quick steps to turn it into a working Terraform file:

  1. Save it with the filename main.tf.
  2. Open a terminal in the same folder.
  3. Run terraform init to set up the AWS provider.
  4. Then run terraform apply to deploy your EC2 instance.

Let me know if it helps or if you’d like me to walk through the output!

MainDownload

Leave a comment