Harvinder Saluja's Springboot, OCI AWS, API, EIA, EISA, Data Science/Engineering and Dev/Ops BLOG: Terraform Infrastructure as Code (IaC) for AWS

Wednesday, April 2, 2025

Terraform Infrastructure as Code (IaC) for AWS

Terraform is an Infrastructure as Code (IaC) tool that enables you to provision and manage AWS infrastructure using a declarative configuration language (HCL - HashiCorp Configuration Language). A well-structured Terraform setup for provisioning AWS resources typically follows a modular, organized layout to promote reusability, maintainability, and scalability.

Here’s a high-level structure of a typical Terraform project to provision AWS infrastructure:

🔧 1. Directory Structure


 
terraform-aws-infra/
│
├── main.tf              # Entry point, includes root resources and module calls
├── variables.tf         # Input variable definitions
├── outputs.tf           # Output values to export useful information
├── providers.tf         # AWS provider configuration and backend settings
├── terraform.tfvars     # Actual variable values for a specific environment
├── versions.tf          # Terraform and provider version constraints
│
├── modules/             # Reusable modules (VPC, EC2, RDS, S3, etc.)
│   ├── vpc/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   └── outputs.tf
│   ├── ec2/
│   ├── rds/
│   └── s3/
│
└── envs/                # Environment-specific configuration (dev, prod, etc.)
    ├── dev/
    │   ├── main.tf
    │   └── terraform.tfvars
    └── prod/
        ├── main.tf
        └── terraform.tfvars

🛠️ 2. Key Files Explained

`main.tf`

Defines AWS resources or calls reusable modules.
Example:

 
module "vpc" {
  source     = "./modules/vpc"
  cidr_block = var.vpc_cidr
  region     = var.aws_region
}

`variables.tf`

Defines inputs used across resources/modules.

 
variable "aws_region" {
  description = "AWS region"
  type        = string
  default     = "us-west-2"
}

`outputs.tf`

Defines values to export (e.g., VPC ID, public IP).

 
output "vpc_id" {
  value = module.vpc.vpc_id
}

`providers.tf`

Sets up the AWS provider and optionally backend for state management.

 
provider "aws" {
  region = var.aws_region
}

terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "dev/terraform.tfstate"
    region = "us-west-2"
  }
}

`terraform.tfvars`

Provides real values for declared variables (not committed to Git ideally).

 
aws_region = "us-west-2"
vpc_cidr   = "10.0.0.0/16"

`versions.tf`

Locks Terraform and provider versions for consistency.

 
terraform {
  required_version = ">= 1.5.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

📦 3. Modules

Modules help you encapsulate related resources and reuse them.

Example: modules/vpc/main.tf

 
resource "aws_vpc" "main" {
  cidr_block = var.cidr_block
  tags = {
    Name = "main-vpc"
  }
}

modules/vpc/variables.tf

 
variable "cidr_block" {
  type = string
}

modules/vpc/outputs.tf

 
output "vpc_id" {
  value = aws_vpc.main.id
}

🌱 4. Environments (Optional)

Use separate folders under envs/ to customize configurations for dev, staging, or prod.

✅ 5. Best Practices

Use remote backend (like S3 + DynamoDB) for state file management.
Use .tfvars and terraform.workspace for environment separation.
Keep secrets in AWS Secrets Manager or use sops/Vault.
Format and validate regularly: terraform fmt and terraform validate.
Use terraform plan before apply.