This repo contains the code samples for the book Terraform: Up and Running, by Yevgeniy Brikman.
Terraform: Up & Running is now on its 3rd edition; all the code in master is for this edition. If you're looking
for code examples for other editions, please see the following branches:
All the code is in the code folder. The code examples are organized first by the tool or language and then by chapter. For example, if you're looking at an example of Terraform code in Chapter 2, you'll find it in the code/terraform/02-intro-to-terraform-syntax folder; if you're looking at an OPA (Rego) example in Chapter 9, you'll find it in the code/opa/09-testing-terraform-code folder.
Since this code comes from a book about Terraform, the vast majority of the code consists of Terraform examples in the code/terraform folder.
For instructions on running the code, please consult the README in each folder, and, of course, the Terraform: Up and Running book.
To use Terraform with AWS, you need to configure your AWS credentials. This section explains how to set up persistent AWS credentials that will work across all PowerShell sessions and survive computer restarts.
This is the standard way to configure AWS credentials and works with all AWS tools and SDKs.
Open PowerShell and run:
New-Item -ItemType Directory -Path "$env:USERPROFILE\.aws" -ForceThis creates the C:\Users\<YourUsername>\.aws directory where AWS tools look for credentials.
Run the following PowerShell command to create the credentials file without BOM (important for Terraform compatibility):
$content = '[default]
aws_access_key_id = YOUR_ACCESS_KEY_ID
aws_secret_access_key = YOUR_SECRET_ACCESS_KEY'
$utf8NoBom = New-Object System.Text.UTF8Encoding($false)
[System.IO.File]::WriteAllText("$env:USERPROFILE\.aws\credentials", $content, $utf8NoBom)Replace YOUR_ACCESS_KEY_ID and YOUR_SECRET_ACCESS_KEY with your actual AWS credentials.
$content = '[default]
region = us-east-1
output = json'
$utf8NoBom = New-Object System.Text.UTF8Encoding($false)
[System.IO.File]::WriteAllText("$env:USERPROFILE\.aws\config", $content, $utf8NoBom)Change us-east-1 to your preferred AWS region.
Test that your credentials are set up correctly:
# List the contents of the credentials file
Get-Content "$env:USERPROFILE\.aws\credentials"
# List the contents of the config file
Get-Content "$env:USERPROFILE\.aws\config"Navigate to any Terraform folder and run:
terraform init -backend=false
terraform validateIf successful, you'll see "Success! The configuration is valid."
- File Encoding: The credentials file must be saved as UTF-8 without BOM (Byte Order Mark). The PowerShell commands above handle this automatically.
- Sensitive Data: Keep your credentials file private. Never commit it to version control or share it with others.
- Multiple Profiles: You can add multiple profiles to your credentials file for different AWS accounts:
[default]
aws_access_key_id = YOUR_DEFAULT_ACCESS_KEY
aws_secret_access_key = YOUR_DEFAULT_SECRET_KEY
[production]
aws_access_key_id = YOUR_PROD_ACCESS_KEY
aws_secret_access_key = YOUR_PROD_SECRET_KEYThen specify which profile to use in your Terraform code:
provider "aws" {
region = "us-east-1"
profile = "production"
}- Persistence: Once configured, these credentials are persistent and will:
- Work across all PowerShell sessions
- Survive computer restarts
- Be available to Terraform, AWS CLI, and other AWS tools automatically
This code is released under the MIT License. See LICENSE.txt.