Terraform: Up & Running Code

This repo contains the code samples for the book Terraform: Up and Running, by Yevgeniy Brikman.

Looking for the 1st, 2nd, or 3rd edition?

Terraform: Up & Running is now on its 3rd edition; all the code in master is for this edition. If you're looking for code examples for other editions, please see the following branches:

• 1st-edition branch.
• 2nd-edition branch.
• 3rd-edition branch.

Quick start

All the code is in the code folder. The code examples are organized first by the tool or language and then by chapter. For example, if you're looking at an example of Terraform code in Chapter 2, you'll find it in the code/terraform/02-intro-to-terraform-syntax folder; if you're looking at an OPA (Rego) example in Chapter 9, you'll find it in the code/opa/09-testing-terraform-code folder.

Since this code comes from a book about Terraform, the vast majority of the code consists of Terraform examples in the code/terraform folder.

For instructions on running the code, please consult the README in each folder, and, of course, the Terraform: Up and Running book.

AWS Credentials Configuration (Persistent)

To use Terraform with AWS, you need to configure your AWS credentials. This section explains how to set up persistent AWS credentials that will work across all PowerShell sessions and survive computer restarts.

Option 1: AWS Credentials File (Recommended)

This is the standard way to configure AWS credentials and works with all AWS tools and SDKs.

Step 1: Create the AWS Configuration Directory

Open PowerShell and run:

New-Item -ItemType Directory -Path "$env:USERPROFILE\.aws" -Force

This creates the C:\Users\<YourUsername>\.aws directory where AWS tools look for credentials.

Step 2: Create the Credentials File

Run the following PowerShell command to create the credentials file without BOM (important for Terraform compatibility):

$content = '[default]
aws_access_key_id = YOUR_ACCESS_KEY_ID
aws_secret_access_key = YOUR_SECRET_ACCESS_KEY'

$utf8NoBom = New-Object System.Text.UTF8Encoding($false)
[System.IO.File]::WriteAllText("$env:USERPROFILE\.aws\credentials", $content, $utf8NoBom)

Replace YOUR_ACCESS_KEY_ID and YOUR_SECRET_ACCESS_KEY with your actual AWS credentials.

Step 3: Create the Config File (Optional but Recommended)

$content = '[default]
region = us-east-1
output = json'

$utf8NoBom = New-Object System.Text.UTF8Encoding($false)
[System.IO.File]::WriteAllText("$env:USERPROFILE\.aws\config", $content, $utf8NoBom)

Change us-east-1 to your preferred AWS region.

Step 4: Verify the Configuration

Test that your credentials are set up correctly:

# List the contents of the credentials file
Get-Content "$env:USERPROFILE\.aws\credentials"

# List the contents of the config file
Get-Content "$env:USERPROFILE\.aws\config"

Step 5: Verify Terraform Can Access the Credentials

Navigate to any Terraform folder and run:

terraform init -backend=false
terraform validate

If successful, you'll see "Success! The configuration is valid."

Important Notes

• File Encoding: The credentials file must be saved as UTF-8 without BOM (Byte Order Mark). The PowerShell commands above handle this automatically.
• Sensitive Data: Keep your credentials file private. Never commit it to version control or share it with others.
• Multiple Profiles: You can add multiple profiles to your credentials file for different AWS accounts:

[default]
aws_access_key_id = YOUR_DEFAULT_ACCESS_KEY
aws_secret_access_key = YOUR_DEFAULT_SECRET_KEY

[production]
aws_access_key_id = YOUR_PROD_ACCESS_KEY
aws_secret_access_key = YOUR_PROD_SECRET_KEY

Then specify which profile to use in your Terraform code:

provider "aws" {
  region  = "us-east-1"
  profile = "production"
}

• Persistence: Once configured, these credentials are persistent and will:
  • Work across all PowerShell sessions
  • Survive computer restarts
  • Be available to Terraform, AWS CLI, and other AWS tools automatically

License

This code is released under the MIT License. See LICENSE.txt.