Terraform

Authentication

Terraform will default to the currently active AWS user, provided you have your AWS credentials set up.

Creating resources

Resources are specified in the main.tf file.

Create a new S3 bucket:

resource "aws_s3_bucket" "my_new_bucket" {
    bucket = "my-new-bucket"
}

At this point the resource doesn’t exist, so there is no ARN or ID. When the resource is created (through terraform apply), Terraform receives this info from AWS and stores it in a state file.

This info can be retrieved with terraform show, e.g.:

resource "aws_s3_bucket" "my_new_bucket" {
    id                    = "my-new-bucket"
    arn                   = "arn:aws:s3:::my-new-bucket"
    bucket                = "my-new-bucket"
    bucket_domain_name    = "my-new-bucket.s3.amazonaws.com"
}

Standard sequence

Make your terraform directory, then cd and:

Initialise project

terraform init

This will create the file .terraform.lock.hcl which should be committed. Stuff in .terraform/ can be git-ignored.

Check changes

terraform plan

Provided you have written a main.tf, this command will list the proposed changes to your resources.

Apply changes

terraform apply

Destroy the resource

Typically used when you want to do a clean recreate.

terraform destroy

Run with debug/logger

TF_LOG=DEBUG terraform apply

Or use it with another Terraform command, e.g. destroy or refresh, whichever is causing the problem.