Provisioning an EC2 instance using Terraform & keypair

Launch an EC2 instance from your CLI

This tutorial outlines, in a very basic way, the steps needed to use Terraform to launch an AWS EC2 instance and then SSH into it. Please note that it is aimed at absolute beginners.

Install Terraform

To begin with, we first need to install gnupg and software-properties-common, if not already present. This step follows the instructions mentioned in the official Terraform documentation.

sudo apt-get update
sudo apt-get install -y gnupg software-properties-common

After installing these, we need to add the HashiCorp GPG Key to the Ubuntu system.

wget -O- | \
gpg --dearmor | \
sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg

Now, let’s go ahead and add the HashiCorp repository to Ubuntu. This repository will allow us to find the Terraform software on the internet.

echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \ $(lsb_release -cs) main" | \
sudo tee /etc/apt/sources.list.d/hashicorp.list

And finally, it’s time to install Terraform itself.

sudo apt-get update
sudo apt-get install terraform

After completion, let’s verify if the installation was successful using this command:

terraform --version

Verify Terraform installation

Now that Terraform is installed, it’s time to install AWSCLI, the utility to configure our AWS with credentials.

Install AWSCLI

Although there are a few ways to install AWSCLI, we will use the method prescribed in the official documentation by Amazon.

curl "" -o ""
sudo ./aws/install

Once again, we verify the successful installation of AWSCLI by checking its version with the following command:

aws --version

Verify AWS CLI Installation

AWS Credentials

Create an AWS account with a free tier if you don’t already have one. Then head to your Profile and look for Credentials. We will use these credentials to connect to AWS from the CLI.

Now, in the terminal, we type the following command:

aws configure

Configuring AWS with Credentials

AWS presents us with options to paste/type the following one by one. Press enter after pasting in each line. Note that [none] means there is no data configured for that key yet.

Access Key [none]: <paste access key here>

Secret Key [none]: <paste secret key here>

Region [none]: us-east-1

Output format [none]: <leave this blank>

Now we have our AWSCLI configured to access the AWS account. However, this is not enough to launch an EC2 instance. For that, we need a keypair.

Sidenote: This article makes use of the root account in AWS and does not consider any security viewpoint. Creating an IAM user account and using permission boundaries is generally suggested.

Again, we confirm everything is in place by verifying. Seeing is believing.

cd ~/.aws
cat credentials

Verifying AWS Credentials

EC2 Keypair

In the AWS dashboard, go to EC2 and, in the left navigation, go to Keypair. Click on Create.

Give a suitable name to the keypair file and select RSA and PEM and click on Save. This will download the PEM file to the system.

In terminal, create a folder for your project.

mkdir projectfolder

If you cannot access your downloaded PEM file for any reason (e.g. if you are in a VM inside a host machine), you can create it inside the terminal.

sudo nano keyfile.pem

Copy and paste the contents of the downloaded keypair file into the nano window in the terminal. Press ctrl + x + y to save the file.

Now we will change the permissions of this key file, without which EC2 will reject our connection.

sudo chmod 400 keyfile.pem

We will use this keypair file to ssh into the newly created EC2 Instance.

Creating Terraform Scripts

Now that we have the prerequisites in place, let’s create a Terraform plan and apply it to create our instance.

cd projectfolder

Once inside the folder, create the Terraform creds file which will contain the same credentials that we used for AWSCLI.

sudo nano
provider "aws" {
	access_key = "<your aws access key>"
	secret_key = "<your aws secret key>"
	region = "<your aws region>"
}

Now it’s time to create the main Terraform script that will actually execute the commands to launch our EC2 instance.

sudo nano
resource "aws_instance" "myproject" {
	ami = "ami-2757f631"
	instance_type = "t2.micro"
	key_name = "ec2tf"
}

We now have the Terraform plan ready and we need to initiate it.

terraform init

Initializing Terraform

Once the configuration is initialized, we need to apply it for Terraform to create our EC2 instance.

terraform apply

Creating the EC2 instance

When prompted, type yes.

Terraform will now begin to create the EC2 instance. This may take some time depending on the image.

To verify the creation of the instance, go to the EC2 dashboard and see the newly created instance in the running state.

Verify EC2 instance running

Connecting to EC2 Instance using SSH

The reason why I initiated my instance using a keypair file was to be able to SSH into it after creation. And we will see how this became very easy now.

The first step is to go to the EC2 dashboard and click on Security Groups.

There, select the security group and click on Inbound Rules tab. Click on Edit Inbound Rules.

There was a default rule already added.

Click on Add Rule and select the protocol as SSH and source as Custom. Click on the search box next to Custom and select and save the rule.

The EC2 instance is now ready to accept incoming SSH connections.

Before moving ahead, we need the public IPv4 DNS address of the instance. Select your instance from Instances in the sidebar menu.

Now, to log in to the EC2 instance, we type the following:

sudo ssh -i "keyfile.pem" ubuntu@ip4-public-dns

Note: AWS has default usernames for AMIs based on the type of image; these are listed in the AWS documentation.

When prompted, type yes.

Successful SSH into the EC2 instance

With this, we have successfully logged in to our new EC2 instance using SSH.
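
The same result can be reached without secrets in the project folder and without the manual inbound-rule step. The following is an added example, not the article's own code: the provider picks up the credentials that aws configure already stored, and an SSH-only security group is attached in the same plan. The variable admin_cidr and the names ssh_in and myproject-ssh are assumptions; the AMI, instance type and key name are the article's.

```hcl
# Added example (assumed names are marked). No access_key/secret_key here:
# the provider reads ~/.aws/credentials, which `aws configure` already wrote.
provider "aws" {
  region = "us-east-1"
}

# Assumed variable: your own public address as a CIDR, e.g. 203.0.113.10/32.
variable "admin_cidr" {
  type        = string
  description = "Only source range allowed to reach port 22"

  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "Set admin_cidr to a specific CIDR range, not 0.0.0.0/0."
  }
}

# Replaces the manual "Edit Inbound Rules" step with a rule kept in the plan.
resource "aws_security_group" "ssh_in" {
  name        = "myproject-ssh" # assumed name
  description = "SSH from the administrator address only"

  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "myproject" {
  ami                    = "ami-2757f631" # from the article
  instance_type          = "t2.micro"
  key_name               = "ec2tf"
  vpc_security_group_ids = [aws_security_group.ssh_in.id]
}

# Printed after apply; use it as the host in the ssh command.
output "public_dns" {
  value = aws_instance.myproject.public_dns
}
```

Apply it with terraform apply -var 'admin_cidr=203.0.113.10/32' (a constructed documentation address; substitute your own), then read the host name with terraform output public_dns.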

