With this method, you just hardcode your access keys right inside your template. It looks as follows:

    provider "aws" {
        access_key = "xxxxxxxxxxxxx"
        secret_key = "xxxxxxxxxxxxx"
        region = "us-east-1"
    }

Though the simplest one, it is also the least flexible and secured one. You don't want to give your credentials just like this to everyone in the team. Rather, each team member should use his or her own keys. Consider this method a bad practice and avoid it when possible.

If not specified in the template, Terraform will try to read configuration from the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. You can also set your region with the AWS_DEFAULT_REGION variable. In this case, complete configuration goes down to the following:

provider "aws" {} 

If Terraform can't find keys in the template or environment variables, it will try to fetch them from the credentials file, which is typically stored in the ~/.aws/ credentials. If you previously installed and configured AWS CLI, then you already have a credentials file generated for you. If you did not do this, then you can add it yourself, with content as follows:

[default] 
aws_access_key_id =  xxxxxxxxxxxxx 
aws_secret_access_key =  xxxxxxxxxxxxx 

You should always avoid setting credentials directly in the template. It's up to you whether you use environment variables or a credentials file. Whichever method you picked, let's add the following configuration to template.tf:

    provider "aws" {
      region = "eu-central-1"
    }

Running terraform apply command still won't do anything because we did not specify any resources we want our infrastructure to have. Let's do that now.