Create an EC2 instance using Terraform

Today we will create an Amazon EC2 instance using Terraform, building on what we covered in previous blogs.

For better understanding, I recommend reading the previous blogs as well.

Now let’s dive into today’s scenario and swim across it.

The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units.

For this task, create an EC2 instance using Terraform with the following requirements:

- The name of the instance must be xfusion-ec2.

- Use the Amazon Linux ami-0c101f26f147fa7fd to launch this instance.

- The instance type must be t2.micro.

- Create a new RSA key named xfusion-kp.

- Attach the default (available by default) security group.

We are going to create a main.tf file in the directory /home/bob/terraform.

The main.tf will contain the necessary Terraform configuration to create an EC2 instance with the specified requirements.

Steps:

1. Configure the AWS provider. We'll use the default AWS provider configuration.

2. Create an RSA key named "xfusion-kp". We'll generate a key pair resource.

3. Launch an EC2 instance with:

- AMI: ami-0c101f26f147fa7fd (Amazon Linux)

- Instance type: t2.micro

- Key name: the key we create (xfusion-kp)

- Security group: the default security group

In AWS, every VPC has a default security group, named "default". Because every VPC has one, the name alone is not unique, so looking it up by name can match more than one group.

The requirement says "the default (available by default) security group", but the problem doesn't specify a VPC.

When you create an EC2 instance without specifying a security group, it uses the default security group of the VPC in which the instance is launched, and if we don't specify a subnet, it uses the default VPC. But the task says to attach the default security group, so we should attach it explicitly.

How do we get the default security group? We can use a data source. Since the default security group is available by default, we can assume that we are using the default VPC and look up the default security group of that VPC.

Steps:

a. Get the default VPC using a data source.

b. Get the default security group for that VPC.

Another requirement is: "Create a new RSA key named xfusion-kp". So we create the key pair. The task doesn't say whether to save the private key, but without the private key we cannot log in to the instance.

We will therefore generate the key pair and use the local_file resource to save the private key to a file in the current directory. Note that the tls_private_key resource also stores the private key unencrypted in the Terraform state file, so the state file needs the same protection as the key file itself.

Let's write the main.tf:

We'll use:

- provider "aws"

- data source for the default VPC

- data source for the default security group in that VPC

- tls_private_key to generate the key

- aws_key_pair to create the key pair in AWS

- local_file to save the private key

- aws_instance to create the instance, with:

  - the Name tag: "xfusion-ec2"

  - the AMI as given: ami-0c101f26f147fa7fd

  - the instance type: t2.micro

  - the key pair we create (key_name = aws_key_pair.xfusion_kp.key_name)

  - the security group: vpc_security_group_ids = [data.aws_security_group.default.id]

Now we have all the information we need to create an EC2 instance for today's scenario.

Let's create the main.tf file:

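terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "6.6.0"
    }
    # Providers for tls_private_key and local_file, declared explicitly
    tls = {
      source = "hashicorp/tls"
    }
    local = {
      source = "hashicorp/local"
    }
  }
}

provider "aws" {
  region = "us-east-1"  # Update region if needed
}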

resource "tls_private_key" "xfusion_kp" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "xfusion_kp" {
  key_name   = "xfusion-kp"
  public_key = tls_private_key.xfusion_kp.public_key_openssh
}

resource "local_file" "private_key" {
  content  = tls_private_key.xfusion_kp.private_key_pem
  filename = "xfusion-kp.pem"

  # Owner read/write only; the local_file default is 0777
  file_permission = "0600"
}

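# Look up the default VPC, then the default security group inside it.
# Filtering on group-name alone matches one group per VPC, and the data
# source fails when more than one security group matches.
data "aws_vpc" "default" {
  default = true
}

data "aws_security_group" "default" {
  vpc_id = data.aws_vpc.default.id

  filter {
    name   = "group-name"
    values = ["default"]
  }
}

resource "aws_instance" "xfusion-ec2" {
  ami                    = "ami-0c101f26f147fa7fd"
  instance_type          = "t2.micro"
  key_name               = aws_key_pair.xfusion_kp.key_name
  vpc_security_group_ids = [data.aws_security_group.default.id]

  tags = {
    Name = "xfusion-ec2"
  }
}

  • Uses a filter on the group name "default" within the default VPC, so exactly one security group matches.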

Initialize and apply:

terraform init
terraform apply -auto-approve

Verification:

  • Check instance creation in AWS Console

  • Verify security group: Should show "default" security group attached

  • Instance name should appear as "xfusion-ec2"
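
The same checks can be run without the console against the output of `terraform show -json`. The script below is an added example, not part of the original post; the function names are hypothetical, the sample state is constructed and trimmed to the fields used, and because real `terraform show -json` output prints sensitive values in plain text, it should be handled like the key file.

```python
import json

# Requirements from the task on this page.
REQUIRED = {"ami": "ami-0c101f26f147fa7fd", "instance_type": "t2.micro",
            "key_name": "xfusion-kp"}
NAME_TAG = "xfusion-ec2"

# Constructed sample, trimmed to the fields used below; real input comes from
# `terraform show -json` run in /home/bob/terraform after the apply.
SAMPLE_STATE = json.loads("""
{"values": {"root_module": {"resources": [
  {"address": "data.aws_security_group.default", "mode": "data",
   "type": "aws_security_group",
   "values": {"id": "sg-0example", "name": "default"}},
  {"address": "tls_private_key.xfusion_kp", "mode": "managed",
   "type": "tls_private_key", "values": {"algorithm": "RSA"}},
  {"address": "aws_instance.xfusion-ec2", "mode": "managed",
   "type": "aws_instance",
   "values": {"ami": "ami-0c101f26f147fa7fd", "instance_type": "t2.micro",
              "key_name": "xfusion-kp", "tags": {"Name": "xfusion-ec2"},
              "vpc_security_group_ids": ["sg-0example"]}}
]}}}
""")


def _resources(state):
    return state.get("values", {}).get("root_module", {}).get("resources", [])


def check_requirements(state):
    """Return a list of unmet requirements (empty list = all met)."""
    res = _resources(state)
    # IDs of security groups that a data source resolved with the name "default".
    default_sgs = {r["values"]["id"] for r in res
                   if r["type"] == "aws_security_group"
                   and r["values"].get("name") == "default"}
    instances = [r for r in res if r["type"] == "aws_instance"]
    problems = [] if instances else ["no aws_instance in state"]
    for inst in instances:
        v = inst["values"]
        for attr, want in REQUIRED.items():
            if v.get(attr) != want:
                problems.append(f"{attr}: got {v.get(attr)!r}, want {want!r}")
        if (v.get("tags") or {}).get("Name") != NAME_TAG:
            problems.append(f"Name tag is not {NAME_TAG!r}")
        attached = set(v.get("vpc_security_group_ids") or [])
        if not attached or not attached <= default_sgs:
            problems.append(f"attached groups are not the default group only: {sorted(attached)}")
    return problems


def state_holds_private_key(state):
    """True when the state contains a tls_private_key resource (key in plain text)."""
    return any(r["type"] == "tls_private_key" for r in _resources(state))
```

An empty list from `check_requirements` means the instance matches the task; `state_holds_private_key` returning True is a reminder to restrict who can read the state file.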

Notes:

  • The private key xfusion-kp.pem will be saved in your current directory

  • If you're not in us-east-1, update the region in the provider block

  • Default security group must exist in your AWS account (exists by default in all regions)

And BOOOOOOOMMMMM, your EC2 instance is ready.

Do let me know if you run into any issues during the process.

Reach out to me:

LinkedIn

Twitter(X)


Written by

Kunal Kumar Singh

I am a DevOps Engineer working in an MNC, where I automate infrastructure using various DevOps tools and AWS Cloud.