AWS
How to Create a VPC with Terraform - Complete AWS Networking Guide
Build a production-ready AWS VPC with Terraform. Covers subnets, route tables, NAT gateways, security groups, and network ACLs step by step.
2 min read
Terraform
Deploy AWS EC2 Instance with Terraform - Step-by-Step Guide
Deploy an AWS EC2 instance with Terraform step by step. Complete guide with VPC, security groups, key pairs, user data, and production-ready configuration.
LLuca Berton1 min read
Quick Answer
#resource "aws_instance" "web" {
ami = "ami-0c7217cdde317cfec" # Ubuntu 22.04
instance_type = "t3.micro"
tags = { Name = "my-server" }
}Run terraform init && terraform apply to launch it. For production, add a VPC, security group, and key pair as shown below.
Prerequisites
#- AWS account with IAM credentials configured
- Terraform installed (
terraform version) - AWS CLI configured (
aws configure)
Step 1: Provider Configuration
## main.tf
terraform {
required_version = ">= 1.5"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
}
}
provider "aws" {
region = var.region
}
variable "region" {
default = "us-east-1"
}Step 2: Dynamic AMI Lookup
#data "aws_ami" "ubuntu" {
most_recent = true
owners = ["099720109477"] # Canonical
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
}
filter {
name = "virtualization-type"
values = ["hvm"]
}
}Step 3: Networking (VPC + Subnet)
#resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
enable_dns_hostnames = true
tags = { Name = "main-vpc" }
}
resource "aws_subnet" "public" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.1.0/24"
map_public_ip_on_launch = true
availability_zone = "${var.region}a"
tags = { Name = "public-subnet" }
}
resource "aws_internet_gateway" "main" {
vpc_id = aws_vpc.main.id
}
resource "aws_route_table" "public" {
vpc_id = aws_vpc.main.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.main.id
}
}
resource "aws_route_table_association" "public" {
subnet_id = aws_subnet.public.id
route_table_id = aws_route_table.public.id
}Step 4: Security Group
#resource "aws_security_group" "web" {
name = "web-server"
vpc_id = aws_vpc.main.id
ingress {
description = "SSH"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [var.my_ip] # Restrict to your IP
}
ingress {
description = "HTTP"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
variable "my_ip" {
description = "Your IP for SSH access (e.g., 1.2.3.4/32)"
type = string
}Step 5: Key Pair
#resource "aws_key_pair" "deploy" {
key_name = "deploy-key"
public_key = file("~/.ssh/id_rsa.pub")
}Step 6: EC2 Instance
#resource "aws_instance" "web" {
ami = data.aws_ami.ubuntu.id
instance_type = "t3.micro"
subnet_id = aws_subnet.public.id
vpc_security_group_ids = [aws_security_group.web.id]
key_name = aws_key_pair.deploy.key_name
user_data = <<-EOF
#!/bin/bash
apt-get update -y
apt-get install -y nginx
systemctl enable nginx
systemctl start nginx
EOF
root_block_device {
volume_size = 20
volume_type = "gp3"
encrypted = true
}
tags = {
Name = "web-server"
Environment = "dev"
}
}Step 7: Outputs
#output "public_ip" {
value = aws_instance.web.public_ip
}
output "public_dns" {
value = aws_instance.web.public_dns
}
output "ssh_command" {
value = "ssh ubuntu@${aws_instance.web.public_ip}"
}Deploy
#terraform init
terraform plan -var="my_ip=$(curl -s ifconfig.me)/32"
terraform apply -var="my_ip=$(curl -s ifconfig.me)/32"
# SSH into the instance
ssh ubuntu@$(terraform output -raw public_ip)
# Clean up
terraform destroyCommon Instance Types
#| Type | vCPU | RAM | Use Case | Cost/month |
|---|---|---|---|---|
| t3.micro | 2 | 1 GB | Dev/test | ~$7.50 |
| t3.small | 2 | 2 GB | Small apps | ~$15 |
| t3.medium | 2 | 4 GB | Web servers | ~$30 |
| m6i.large | 2 | 8 GB | Production | ~$70 |
Related Articles
#Conclusion
#Deploy EC2 instances with a VPC, security group, and key pair for production readiness. Use aws_ami data source instead of hardcoded AMI IDs, encrypt EBS volumes, restrict SSH to your IP, and always run terraform plan before apply.
#Terraform#AWS#Infrastructure as Code#DevOps#EC2
Related articles
Terraform
How to Use Terraform Data Sources - Query Existing Resources
Learn to use Terraform data sources to query existing infrastructure. Covers AWS AMI lookup, VPC discovery, AZ listing, and cross-state data access patterns.
3 min read
Terraform
Introduction to AWS IAM, S3, and DynamoDB for Terraform
Learn the AWS services essential for Terraform — IAM for authentication, S3 for state storage, DynamoDB for state locking. Complete setup guide.
2 min read
Terraform
Terraform vs CloudFormation - Which IaC Tool Should You Choose
Compare Terraform vs AWS CloudFormation — multi-cloud support, state management, language, ecosystem, and when to use each for infrastructure as code.
3 min read