# devops / iac / terraform

Terraform EC2 Provisioning

Deploy a complete AWS EC2 instance equipped with a custom SSH Key Pair, a Security Group firewall, and a 30 GB GP3 EBS volume using Infrastructure as Code.

$ terraform apply -auto-approve
aws_key_pairCreated
aws_security_groupCreated
aws_instanceCreated
StatusApply complete!
3 added
Resources
0 changed
Diff
# step-01

The Complete Terraform Code

Save this code in a file named main.tf. This single file defines the provider, your SSH keys, the networking firewall rules, and the final EC2 compute instance.

main.tfHCL
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43
provider "aws" {
  region = "ap-south-1"
}

# Create Key Pair
resource "aws_key_pair" "my_key" {
  key_name   = "terraform-key"
  public_key = file("~/.ssh/id_rsa.pub")
}

# Create Security Group
resource "aws_security_group" "web_sg" {
  name        = "terraform-sg"
  description = "Allow SSH and HTTPS"

  ingress {
    description = "Allow SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "Allow HTTPS"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "terraform-sg"
  }
}

# Create EC2 Instance
resource "aws_instance" "web" {
  ami                    = "ami-xxxxxxxxxxxxxxxxx"
  instance_type          = "t2.micro"
  key_name               = aws_key_pair.my_key.key_name
  vpc_security_group_ids = [aws_security_group.web_sg.id]

  root_block_device {
    volume_size = 30
    volume_type = "gp3"
  }

  tags = {
    Name = "Terraform-EC2"
  }
}
# step-02

Code Breakdown

Understanding the exact building blocks of this Terraform file guarantees you can modify it safely later.

Core Blocks

  • Provider

    Configures Terraform to use AWS and sets the deployment region to ap-south-1 (Mumbai).

  • Key Pair

    Reads your local public SSH key (~/.ssh/id_rsa.pub) and creates an AWS Key Pair, enabling secure remote login to the instance without passwords.

  • Tags

    Applied to both the Security Group and the EC2 instance to help identify AWS resources easily in the AWS Billing and Web Console.

networking

Security Group (Virtual Firewall)

Inbound Rules: Opens Port 22 for SSH (Remote login) and Port 443 for HTTPS (Secure web traffic).
Outbound Rules: The protocol = "-1" string allows all outbound traffic, letting the server connect to the internet to download updates.

compute & storage

The EC2 Instance

Creates the actual virtual machine. It links the Key Pair and Security Group IDs dynamically.

Root Block Device: Configures the underlying storage disk attached to the instance, overriding the default size to guarantee a 30 GB GP3 SSD.

# step-03

Deployment & Execution

terminal
# 1. Initialize Terraform
# Downloads the AWS provider and initializes the directory
$ terraform init
 
# 2. Check the execution plan
# Displays the resources Terraform will create without making changes
$ terraform plan
 
# 3. Create the infrastructure
# Type 'yes' when prompted
$ terraform apply
 
# 4. Destroy the infrastructure (When done)
# Type 'yes' when prompted to delete all created resources
$ terraform destroy

Step 4: The Final Result

After running terraform apply, the following AWS resources are created successfully and linked together:

  • AWS Provider configured in ap-south-1

  • One Key Pair (terraform-key)

  • One Security Group (terraform-sg) with SSH and HTTPS enabled

  • One EC2 Instance (t2.micro)

  • One 30 GB GP3 Root EBS Volume attached

READY

The EC2 instance is now ready to connect using SSH with the configured key pair and can securely accept HTTPS traffic through the Security Group.