Install and Configure Terraform to Provision AWS Resources

Infrastructure as Code (IaC) is changing how teams build and manage cloud infrastructure by turning manual processes into code. Terraform, developed by HashiCorp, is one of the most popular tools in the IaC space. It allows you to define and provision infrastructure using a declarative configuration language and supports a wide range of cloud providers, including AWS, Azure, and Google Cloud.
Whether you are working on a small project or managing a large-scale production environment, Terraform can help you streamline your infrastructure management process. By using Terraform, you can ensure consistency, reduce manual errors, and improve collaboration among team members.

Install Terraform

You should see the installed version displayed, confirming it's ready to use.

Initialize Terraform Project

Go to the directory where you want to create your Terraform project and create a sample configuration file named main.tf. This file will contain the configuration for the resources you want to provision.
main.tf
provider "aws" {
  region = "ap-northeast-1"
}
Now that you have defined AWS as a provider in the configuration file, the next step is to initialize the Terraform project. Run the following command in the terminal:
terraform init
This command downloads the required provider plugins and configures the backend that keeps track of the state of your infrastructure.

Provision AWS S3 with Read Access

To provision an AWS S3 bucket with read access, you can add the following code to your main.tf file:
main.tf
/* Create ms-29.com S3 Bucket */
resource "aws_s3_bucket" "ms29_bucket" {
  bucket = "ms-29.com"

  tags = {
    Name        = "MS-29"
    Environment = "Dev"
  }
}

/* Block all public access: Off */
resource "aws_s3_bucket_public_access_block" "ms29_public_access_block" {
  bucket = aws_s3_bucket.ms29_bucket.id

  block_public_acls       = false
  ignore_public_acls      = false
  restrict_public_buckets = false
  block_public_policy     = false
}

/* Public Read Bucket Policy */
resource "aws_s3_bucket_policy" "ms29_bucket_policy" {
  bucket = aws_s3_bucket.ms29_bucket.id

  /* Apply the policy only after the public access block is off; otherwise S3 rejects a public policy */
  depends_on = [aws_s3_bucket_public_access_block.ms29_public_access_block]

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect    = "Allow"
        Principal = "*"
        Action    = "s3:GetObject"
        Resource  = "arn:aws:s3:::ms-29.com/*"
      }
    ]
  })
}
This config creates an S3 bucket named ms-29.com in the ap-northeast-1 region. It also turns off all four public access block settings and attaches a bucket policy that allows s3:GetObject for any principal, so every object in the bucket is publicly readable. Make sure to replace the bucket name, including in the policy's Resource ARN, with a unique name, as S3 bucket names must be globally unique across all AWS accounts.
You can format and validate the configuration file using the following command:
terraform fmt && terraform validate

Configure AWS Credentials

This step assumes you have already created an IAM user with programmatic access and attached the necessary policies, such as the AmazonS3FullAccess policy. Configure your AWS credentials using the following command:
aws configure
This command will prompt you to enter your AWS Access Key ID, Secret Access Key, default region name, and output format. Once configured, Terraform will be able to interact with AWS services, including provisioning an S3 bucket with public read access.

Apply the Configuration into AWS

Before applying the configuration, it is a good practice to check the execution plan using the following command:
terraform plan
This command will show you what changes Terraform will make to your infrastructure based on the configuration file. Review the output carefully to ensure it matches your expectations.
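One way to automate the plan review described above (an added example, not part of the original tutorial): save the plan with terraform plan -out=tfplan, export it with terraform show -json tfplan, and scan resource_changes for S3 public access block settings that are off and bucket policies that allow any principal. The names public_exposure and SAMPLE_PLAN are assumptions made for this example, and the sample plan is constructed from this page's main.tf.

```python
import json

# Constructed sample: trimmed `terraform show -json` output for this page's main.tf.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_s3_bucket.ms29_bucket", "type": "aws_s3_bucket",
     "change": {"actions": ["create"], "after": {"bucket": "ms-29.com"}}},
    {"address": "aws_s3_bucket_public_access_block.ms29_public_access_block",
     "type": "aws_s3_bucket_public_access_block",
     "change": {"actions": ["create"], "after": {
         "block_public_acls": False, "block_public_policy": False,
         "ignore_public_acls": False, "restrict_public_buckets": False}}},
    {"address": "aws_s3_bucket_policy.ms29_bucket_policy",
     "type": "aws_s3_bucket_policy",
     "change": {"actions": ["create"], "after": {"policy": json.dumps({
         "Version": "2012-10-17",
         "Statement": [{"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
                        "Resource": "arn:aws:s3:::ms-29.com/*"}]})}}},
]}

PAB_FLAGS = ("block_public_acls", "block_public_policy",
             "ignore_public_acls", "restrict_public_buckets")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_exposure(plan):
    """Return (address, finding) pairs for planned changes that open S3 access."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if not after:  # "after" is null when the resource is being destroyed
            continue
        if rc.get("type") == "aws_s3_bucket_public_access_block":
            off = [flag for flag in PAB_FLAGS if not after.get(flag)]
            if off:
                findings.append((rc["address"], "disabled: " + ", ".join(off)))
        elif rc.get("type") == "aws_s3_bucket_policy" and after.get("policy"):
            for stmt in _as_list(json.loads(after["policy"]).get("Statement", [])):
                principal = stmt.get("Principal")
                if isinstance(principal, dict):  # {"AWS": "*"} is also anonymous
                    principal = principal.get("AWS")
                if stmt.get("Effect") == "Allow" and "*" in _as_list(principal):
                    actions = ", ".join(_as_list(stmt.get("Action", [])))
                    resources = ", ".join(_as_list(stmt.get("Resource", [])))
                    findings.append((rc["address"],
                                     f"anonymous Allow: {actions} on {resources}"))
    return findings

if __name__ == "__main__":
    print(*public_exposure(SAMPLE_PLAN), sep="\n")
```

For a real plan, load the exported JSON with json.load and pass the result to public_exposure; an empty list means no planned change opens the bucket.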
To apply the configuration and provision the resources, run the following command:
terraform apply
Terraform will show you a preview of the changes it will make. Type yes to confirm and proceed with the provisioning.
After the provisioning is complete, you can verify the S3 bucket creation in the AWS Management Console. You should see a bucket named ms-29.com listed under the S3 service. Also, check the bucket policy and public access settings to confirm that public read access is enabled.
To verify public read access, upload a test file to the S3 bucket and try to access it. You should be able to access the file using the following URL format: https://s3.{REGION}.amazonaws.com/{BUCKET}/{FILENAME}
To destroy the resources created by Terraform, you can run the following command:
terraform destroy
This command will remove all the resources defined in your configuration file. Again, review the output carefully before confirming the destruction.
Congratulations! You have successfully installed and configured Terraform, and provisioned an AWS S3 bucket with public read access. You can now use Terraform to manage your infrastructure as code, making it easier to version control, collaborate, and automate your cloud resources. With its declarative configuration language and extensive provider support, you can automate the entire lifecycle of your infrastructure.
As you continue your journey with Terraform, consider exploring advanced features such as modules, state management, and remote backends. These features will help you scale your infrastructure management practices and make your workflows even more efficient.
If you have any questions or need further assistance, feel free to leave a comment below or refer to the official Terraform documentation. Happy provisioning!