AWS EC2 with Terraform: Powerful Beginner Setup

AWS EC2 with Terraform is one of the most practical and essential use cases for infrastructure as code. Whether you’re just getting started or already familiar with Terraform, deploying a virtual machine in AWS using Terraform gives you full control over automation, scalability, and repeatability.

In this tutorial, you’ll learn how to provision an EC2 instance, configure secure access, and manage networking with Terraform. The walkthrough is designed to be simple enough for beginners, while offering deeper insights for professionals.

What Is AWS EC2 and Why Use Terraform?

Amazon EC2 (Elastic Compute Cloud) is a popular service that provides scalable virtual servers in the cloud. When paired with Terraform, you can define your EC2 instances in configuration files and deploy them with a single command.

This approach makes it easier to:

  • Reuse and share configurations across teams.
  • Maintain consistent infrastructure setups.
  • Automate deployments across environments.

Step 1: Launching EC2 with Terraform

To begin, you’ll define an EC2 instance using the aws_instance resource in Terraform.

resource "aws_instance" "web_server" {
  ami           = "ami-xxxxxx"
  instance_type = "t2.micro"

  tags = {
    Name        = "web-server"
    Description = "NGINX web server on Ubuntu"
  }
}

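This sets up a lightweight Ubuntu server in the AWS us-west-1 region. Replace ami-xxxxxx with a real Ubuntu AMI ID for that region, since AMI IDs are region-specific; the region itself comes from your AWS provider configuration. Tags help identify the instance in your AWS console, which is especially useful in environments with multiple resources.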

Step 2: Adding User Data to Bootstrap Your Server

Terraform allows you to execute shell commands when the EC2 instance is launched using the user_data argument. This is useful for installing software or running setup scripts.

  user_data = <<-EOF
    #!/bin/bash
    sudo apt update
    sudo apt install nginx -y
  EOF

This example installs the NGINX web server on the Ubuntu instance automatically.

Step 3: Creating and Using SSH Key Pairs

Without SSH access, you won’t be able to connect to the server. Terraform supports importing an existing public key into AWS using the aws_key_pair resource:

resource "aws_key_pair" "web_key" {
  key_name   = "web-key"
  public_key = file("~/.ssh/web.pub")
}

Once created, this key must be referenced in your EC2 instance definition:

key_name = aws_key_pair.web_key.key_name

Now you’ll be able to connect to your server using your private key and the instance’s public IP.

Step 4: Configuring SSH Access with Security Groups

To allow access to port 22 (used for SSH), you must define an aws_security_group:

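resource "aws_security_group" "ssh_access" {
  name        = "ssh-access"
  description = "Allow SSH access"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Terraform removes the default allow-all egress rule on security groups
  # it creates, so outbound access (needed by apt in user_data) is declared here.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}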

This allows SSH traffic from any IP. While not ideal for production, it’s acceptable in isolated test environments.

Now link the security group to your EC2 instance:

vpc_security_group_ids = [aws_security_group.ssh_access.id]

Step 5: Output the Public IP for Easy Access

To make it easier to connect to your instance, use an output block to print the public IP:

output "web_server_ip" {
  value = aws_instance.web_server.public_ip
}

After applying your configuration, Terraform will display the public IP in the terminal. You can then SSH into your server:

ssh -i ~/.ssh/web.pem ubuntu@<your-public-ip>

Step 6: Full Terraform Apply Cycle

To deploy everything, run:

terraform init
terraform plan
terraform apply

Terraform will:

  • Create the key pair.
  • Set up the security group.
  • Launch the EC2 instance with your configuration.
  • Display the public IP after deployment.

If you make changes, re-running terraform apply will intelligently update the necessary resources.
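The fragments from Steps 1 to 5 assembled into one file, with SSH ingress limited to a caller-supplied CIDR instead of 0.0.0.0/0. This is an added example, not the tutorial's own code; the ssh_cidr variable and its validation rule are assumptions, and an AWS provider and region are assumed to be configured already.

```hcl
# Assumed (not in the tutorial): the ssh_cidr variable and its validation rule.
variable "ssh_cidr" {
  description = "CIDR allowed to reach port 22, e.g. your workstation's /32"
  type        = string
  validation {
    condition     = can(cidrhost(var.ssh_cidr, 0)) && var.ssh_cidr != "0.0.0.0/0"
    error_message = "Set ssh_cidr to a valid CIDR block other than 0.0.0.0/0."
  }
}

resource "aws_key_pair" "web_key" {
  key_name   = "web-key"
  public_key = file("~/.ssh/web.pub")
}

resource "aws_security_group" "ssh_access" {
  name        = "ssh-access"
  description = "Allow SSH access"
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.ssh_cidr] # the tutorial's test value is ["0.0.0.0/0"]
  }
  # Terraform removes the default allow-all egress rule; apt in user_data needs outbound access.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "web_server" {
  ami                    = "ami-xxxxxx" # placeholder, as in the tutorial
  instance_type          = "t2.micro"
  key_name               = aws_key_pair.web_key.key_name
  vpc_security_group_ids = [aws_security_group.ssh_access.id]
  user_data              = <<-EOF
    #!/bin/bash
    sudo apt update
    sudo apt install nginx -y
  EOF
  tags = { Name = "web-server", Description = "NGINX web server on Ubuntu" }
}

output "web_server_ip" {
  value = aws_instance.web_server.public_ip
}
```

Pass the allowed range at apply time, for example terraform apply -var 'ssh_cidr=203.0.113.10/32' (a documentation address used here as a constructed value); the validation rule rejects 0.0.0.0/0 before any resource is created.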

Conclusion

Deploying AWS EC2 with Terraform simplifies cloud resource management and sets a strong foundation for more advanced automation. By following the best practices for key management, tagging, networking, and modular configurations, you ensure that your infrastructure remains secure, scalable, and easy to manage.

Whether you’re hosting a simple web server or building a production-grade application stack, EC2 combined with Terraform is a powerful and flexible choice.

Frequently Asked Questions (FAQs)

1. Do I need to use a public key with Terraform?

Yes. To SSH into an EC2 instance, you need to provide a public key using the aws_key_pair resource.

2. What is the default instance type used in tutorials?

The t2.micro instance type is commonly used for testing because it’s free tier eligible.

3. Can I change the AMI later?

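Yes, update the ami field in the EC2 resource block and run terraform apply. Because the AMI cannot be changed in place, Terraform replaces the instance, so review the plan before applying.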

4. Is opening port 22 to all IPs safe?

No. For production, restrict access to specific IP ranges or use a VPN.

5. Can I install multiple packages using user_data?

Absolutely. Add multiple commands to the user_data script as needed for initial setup.
