In this tutorial, you will customize the workspace you created in the previous tutorial by defining Terraform variables for your EC2 settings. Then, you will retrieve your AWS credentials and set them as sensitive environment variables. Finally, you will use Terraform Cloud to provision an EC2 instance.
Return to the Terraform Cloud UI and visit the “Variables” page for your
tfc-guide-example workspace, where you will set your credentials.
Terraform Cloud supports two types of variables: environment variables and Terraform variables. Either type can be marked as sensitive, which prevents them from being displayed in the Terraform Cloud web UI and makes them write-only.
Terraform Cloud will define Terraform Variables as input variables in Terraform’s configuration language. You can use them to customize the infrastructure that Terraform creates from your configuration.
Find the “Terraform Variables” section to set two variables that Terraform will use to configure your instance.
Click the “Save variable” button to save each one. After saving, the “Terraform Variables” section displays your new variable values.
EC2 instances are Amazon Web Services (AWS) services. In order for Terraform to provision AWS resources for you, it needs credentials for your AWS account.
This tutorial will provision resources that qualify under the AWS free-tier. If your account does not qualify under the AWS free-tier.
Log into the AWS console and find your Access key ID and Secret access key on this page.
Terraform Cloud uses an ephemeral environment to run Terraform operations that create and manage your infrastructure. You will set that environment’s Environment Variables in the Terraform Cloud web UI to configure provider credentials or to configure the Terraform binary itself.
Scroll down to the “Environment Variables” section, and create two variables by clicking the “Add variable” button. Check the “Sensitive” checkbox for both of them.
||Your AWS Access key ID||yes|
||Your AWS Secret access key||yes|
If you have temporary AWS credentials, you must also add your
AWS_SESSION_TOKEN as an environment variable.
Click the “Save variable” button to save each one. Once you are done, the “Environment Variables” section should look like this:
If you use the Terraform CLI, your local environment variables do not auto populate into the environment where Terraform Cloud runs the Terraform binary. You must set your environment variables in Terraform Cloud.
Now that you have set your variables, select “Start new plan” from the “Actions” drop down menu, choose the “Plan (most common)” option, and provide an optional explanation. Then select the purple “Start plan” button to start a plan. This may take a few minutes.
This produces an execution plan that describes which actions Terraform will take to change real infrastructure to match the configuration Terraform will not make any changes until you confirm and apply the plan This gives you and your team an opportunity to review the planned changes.
The output format is similar to the diff format generated by tools such as Git. Output with a
+ next to it means that Terraform will create this resource. The plan also shows the attributes that Terraform will set. The value
(known after apply) means that Terraform will not have this value until after it creates the resource.
No real infrastructure changes happen until you confirm and apply the plan. This checkpoint gives you and your team an opportunity to review the planned changes before they happen.
Once the plan is complete, click the “Confirm & Apply” button, followed by the “Confirm Plan” button to apply the change.
After a few minutes, your apply should complete. Terraform Cloud will display a confirmation.
Now return to the workspace’s “Overview” page. Under the details about your latest run, Terraform displays a table of the resources currently managed in the workspace.
It also shows the workspace’s outputs in the “Outputs” tab for easy access.
Congratulations! You created an AWS EC2 instance using Terraform Cloud.
Verify that the infrastructure exists by visiting the AWS web console page for EC2 in the N.California/us-west-1 region, the region specified in the provider configuration.
The EC2 instance that you have provisioned will remain active until it is deleted. You will do this in the clean-up tutorial.
In this tutorial, you configured your workspace with environment and Terraform variables, and created a EC2 instance using Terraform Cloud. Read more about variables in Terraform Cloud in the documentation.
Now you are ready to modify your EC2 instance by updating your Terraform variables and changing your configuration files.