
Wednesday, April 2, 2025

Terraform Infrastructure as Code (IaC) for AWS

 Terraform is an Infrastructure as Code (IaC) tool that enables you to provision and manage AWS infrastructure using a declarative configuration language (HCL - HashiCorp Configuration Language). A well-structured Terraform setup for provisioning AWS resources typically follows a modular, organized layout to promote reusability, maintainability, and scalability.

Here’s a high-level structure of a typical Terraform project to provision AWS infrastructure:


🔧 1. Directory Structure


terraform-aws-infra/
│
├── main.tf             # Entry point, includes root resources and module calls
├── variables.tf        # Input variable definitions
├── outputs.tf          # Output values to export useful information
├── providers.tf        # AWS provider configuration and backend settings
├── terraform.tfvars    # Actual variable values for a specific environment
├── versions.tf         # Terraform and provider version constraints
│
├── modules/            # Reusable modules (VPC, EC2, RDS, S3, etc.)
│   ├── vpc/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   └── outputs.tf
│   ├── ec2/
│   ├── rds/
│   └── s3/
│
└── envs/               # Environment-specific configuration (dev, prod, etc.)
    ├── dev/
    │   ├── main.tf
    │   └── terraform.tfvars
    └── prod/
        ├── main.tf
        └── terraform.tfvars

🛠️ 2. Key Files Explained

main.tf

  • Defines AWS resources or calls reusable modules.

  • Example:

module "vpc" {
  source     = "./modules/vpc"
  cidr_block = var.vpc_cidr
  # The region is set on the AWS provider (providers.tf); the vpc module
  # declares only cidr_block, so passing a region argument here would fail.
}

variables.tf

  • Defines inputs used across resources/modules.

variable "aws_region" {
  description = "AWS region"
  type        = string
  default     = "us-west-2"
}

outputs.tf

  • Defines values to export (e.g., VPC ID, public IP).

output "vpc_id" {
  value = module.vpc.vpc_id
}

providers.tf

  • Sets up the AWS provider and optionally backend for state management.

provider "aws" {
  region = var.aws_region
}

terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "dev/terraform.tfstate"
    region = "us-west-2"
  }
}

terraform.tfvars

  • Provides real values for declared variables (ideally not committed to Git, since it often holds environment-specific or sensitive values).

aws_region = "us-west-2"
vpc_cidr   = "10.0.0.0/16"

versions.tf

  • Locks Terraform and provider versions for consistency.

terraform {
  required_version = ">= 1.5.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

📦 3. Modules

Modules help you encapsulate related resources and reuse them.

Example: modules/vpc/main.tf

resource "aws_vpc" "main" {
  cidr_block = var.cidr_block

  tags = {
    Name = "main-vpc"
  }
}

modules/vpc/variables.tf

variable "cidr_block" {
  type = string
}

modules/vpc/outputs.tf

output "vpc_id" {
  value = aws_vpc.main.id
}

🌱 4. Environments (Optional)

Use separate folders under envs/ to customize configurations for dev, staging, or prod.


✅ 5. Best Practices

  • Use remote backend (like S3 + DynamoDB) for state file management.

  • Use .tfvars and terraform.workspace for environment separation.

  • Keep secrets in AWS Secrets Manager or use sops/Vault.

  • Format and validate regularly: terraform fmt and terraform validate.

  • Use terraform plan before apply.
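The following is an added example (not code from the original post) that puts the first three best practices together in a single envs/dev/main.tf for the layout above: an S3 backend with server-side encryption and DynamoDB state locking, a provider that tags every resource with the current workspace, and a database password read from AWS Secrets Manager instead of a .tfvars file. It assumes the variables.tf from section 2 sits in the same folder; the bucket name, the DynamoDB table "terraform-locks" and the secret name "dev/app/db-password" are placeholders you would replace with your own.

```hcl
# Added example for envs/dev/main.tf; not part of the original post.
# Assumed placeholder names: bucket "my-terraform-state", lock table
# "terraform-locks", secret "dev/app/db-password".

terraform {
  required_version = ">= 1.5.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }

  # Remote state in S3, encrypted at rest, with DynamoDB locking so two
  # concurrent applies cannot overwrite each other's state.
  backend "s3" {
    bucket         = "my-terraform-state" # assumed bucket name
    key            = "dev/terraform.tfstate"
    region         = "us-west-2"
    encrypt        = true
    dynamodb_table = "terraform-locks"    # assumed table; needs a string hash key named LockID
  }
}

provider "aws" {
  region = var.aws_region

  # Applied to every resource this configuration creates, which makes
  # resources created outside Terraform easy to spot in the console.
  default_tags {
    tags = {
      Environment = terraform.workspace
      ManagedBy   = "terraform"
    }
  }
}

# Read the secret at plan/apply time rather than committing it to .tfvars.
# The value is still written to the state file, which is why the backend
# above enables encryption and the bucket should be tightly access-controlled.
data "aws_secretsmanager_secret_version" "db_password" {
  secret_id = "dev/app/db-password" # assumed secret name
}

module "vpc" {
  source     = "../../modules/vpc"
  cidr_block = var.vpc_cidr
}

resource "aws_db_instance" "app" {
  identifier          = "app-${terraform.workspace}"
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = "app"
  password            = data.aws_secretsmanager_secret_version.db_password.secret_string
  storage_encrypted   = true
  publicly_accessible = false
  skip_final_snapshot = true
}
```

Run terraform fmt and terraform validate in this folder, then terraform plan, before applying; the plan output will show the password as (sensitive value), but anyone who can read the state bucket can still recover it, so the bucket policy matters as much as the Secrets Manager lookup.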
