Lab Goal
You will:
- Create an EC2 instance
- Install NGINX using remote-exec
- Save EC2 IP locally using local-exec
- Upload a file using file provisioner
- Verify everything in browser
STEP 1: Prerequisites (VERY IMPORTANT)
You must have:
- AWS account
- Terraform installed
- Key pair created in AWS:
  - Name: terraform-key
  - Download: terraform-key.pem

Place file in your project:
```
provisioner-lab/
  main.tf
  terraform-key.pem
  index.html
```
STEP 2: Fix Key Permissions (Mac/Linux)
```
chmod 400 terraform-key.pem
```
If you skip this, SSH WILL FAIL
STEP 3: Create index.html (file provisioner test)
index.html
```html
<h1>Welcome from Terraform Provisioner Lab</h1>
```
STEP 4: Security Group (AWS Console)
Allow:
| Type | Port | Source |
|---|---|---|
| SSH | 22 | 0.0.0.0/0 |
| HTTP | 80 | 0.0.0.0/0 |
Copy Security Group ID:
sg-xxxxxxxx
STEP 5: Full Terraform Code
main.tf
```hcl
provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "web" {
  ami                    = "ami-0c02fb55956c7d316" # Amazon Linux 2
  instance_type          = "t2.micro"
  key_name               = "terraform-key"
  vpc_security_group_ids = ["sg-xxxxxxxx"] # replace

  # FILE PROVISIONER (upload HTML)
  provisioner "file" {
    source      = "index.html"
    destination = "/home/ec2-user/index.html"

    connection {
      type        = "ssh"
      user        = "ec2-user"
      private_key = file("terraform-key.pem")
      host        = self.public_ip
    }
  }

  # REMOTE-EXEC (install nginx + deploy page)
  provisioner "remote-exec" {
    inline = [
      # Amazon Linux 2 provides nginx through amazon-linux-extras, not the core yum repo
      "sudo amazon-linux-extras install -y nginx1",
      "sudo systemctl start nginx",
      "sudo systemctl enable nginx",
      "sudo mv /home/ec2-user/index.html /usr/share/nginx/html/index.html"
    ]

    connection {
      type        = "ssh"
      user        = "ec2-user"
      private_key = file("terraform-key.pem")
      host        = self.public_ip
    }
  }

  # LOCAL-EXEC (save IP locally)
  provisioner "local-exec" {
    command = "echo ${self.public_ip} > public_ip.txt"
  }

  tags = {
    Name = "provisioner-lab"
  }
}
```
STEP 6: Run Terraform
```
terraform init
terraform apply -auto-approve
```
WHAT HAPPENS INTERNALLY
- EC2 instance created
- Terraform connects via SSH
- File provisioner uploads HTML
- Remote-exec installs nginx
- HTML moved to nginx folder
- local-exec saves IP to file
STEP 7: VERIFY
Check local file
```
cat public_ip.txt
```
Example:
```
3.145.23.10
```
Open browser
http://<EC2_PUBLIC_IP>
You should see:
Welcome from Terraform Provisioner Lab
STEP 8: TEST & BREAK (IMPORTANT FOR INTERVIEW)
Test 1: Wrong key
Change:
```hcl
private_key = file("wrong.pem")
```
Result:
- SSH fails
- Provisioning fails
Test 2: Remove port 22
Result:
- Terraform hangs (waiting for SSH)
Test 3: Remove sudo
Result:
- Permission denied
- NGINX not installed
STEP 9: DESTROY
```
terraform destroy -auto-approve
```
WHAT YOU LEARNED
Provisioners:
- file: copy file
- remote-exec: configure server
- local-exec: run locally
Execution order:
- Create EC2
- file provisioner
- remote-exec
- local-exec
Key concepts:
- self.public_ip
- SSH connection block
- Key permissions
- Provisioner dependency on resource
REAL DEVOPS TIP (IMPORTANT)
In production, replace this with:
- user_data (bootstrap)
- Ansible (config)
- Packer (pre-built AMI)
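The user_data option from the tip above, written out as an added example (not part of the original lab): the same NGINX page is set up by a first-boot script, so the instance needs no key pair, no connection block and no port 22 rule. The resource names and the security group are assumptions; it reuses the lab's provider block and AMI, and assumes the AMI is Amazon Linux 2, where nginx is installed through amazon-linux-extras.

```hcl
# Added example (not from the original lab): NGINX bootstrapped by user_data.
# The security group is created in the default VPC, where the lab's instance
# also lands because no subnet is specified.
resource "aws_security_group" "web_http_only" {
  name        = "provisioner-lab-http-only" # hypothetical name
  description = "HTTP in, no SSH"

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound access so the instance can download the nginx package
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "web_userdata" {
  ami                    = "ami-0c02fb55956c7d316" # same AMI as the lab
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.web_http_only.id]
  # No key_name and no connection block: Terraform never logs in over SSH

  # cloud-init runs this script as root on first boot, so sudo is not needed
  user_data = <<-EOF
    #!/bin/bash
    amazon-linux-extras install -y nginx1
    echo '<h1>Welcome from Terraform Provisioner Lab</h1>' > /usr/share/nginx/html/index.html
    systemctl enable --now nginx
  EOF

  tags = {
    Name = "provisioner-lab-userdata"
  }
}

# Replaces the local-exec step: read the address with `terraform output public_ip`
output "public_ip" {
  value = aws_instance.web_userdata.public_ip
}
```

Terraform reports the instance as created before the boot script has finished, so the page can take a minute to appear after apply completes.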