Before using Terraform to create an instance, we need to configure AWS provider. This is the first piece of code we will write in our template. Templates are written in a special language named HashiCorp Configuration Language (HCL). More details about HCL can be found at https://github.com/hashicorp/hcl. You can also write your templates in JSON, but this is recommended only if template itself is generated or read by a machine.
We can configure credentials in the following ways.
With this method, you just hardcode your access keys right inside your template. It looks as follows:
provider "aws" { access_key = "xxxxxxxxxxxxx" secret_key = "xxxxxxxxxxxxx" region = "us-east-1" }
Though the simplest one, it is also the least flexible and secured one. You don't want to give your credentials just like this to everyone in the team. Rather, each team member should use his or her own keys. Consider this method a bad practice and avoid it when possible.
If not specified in the template, Terraform will try to read configuration from the environment variables AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
. You can also set your region with the AWS_DEFAULT_REGION
variable. In this case, complete configuration goes down to the following:
provider "aws" {}
If Terraform can't find keys in the template or environment variables, it will try to fetch them from the credentials file, which is typically stored in the ~/.aws/
credentials. If you previously installed and configured AWS CLI, then you already have a credentials file generated for you. If you did not do this, then you can add it yourself, with content as follows:
[default] aws_access_key_id = xxxxxxxxxxxxx aws_secret_access_key = xxxxxxxxxxxxx
You should always avoid setting credentials directly in the template. It's up to you whether you use environment variables or a credentials file. Whichever method you picked, let's add the following configuration to template.tf
:
provider "aws" { region = "eu-central-1" }
Running terraform apply
command still won't do anything because we did not specify any resources we want our infrastructure to have. Let's do that now.
3.138.105.31