10x Terraform Mastery: Terraform Associate 2026 Blueprint

Together we will new free tier AWS account . Be ready with your credit card and cell phone . AWS does not charge if you are creating  free tier eligible resources. Remember , you get 750 hours of resources for one year. That  means,  you can create  and run two  t2.micro instance  for 375 hours!

When you create AWS free tier account , first thing you should  do , setup MFA for accounts's root user , which is email address you provide during account creation. And  protect your account.

You should never use root user for day to day work. Instead , login as root user , create new separate user , we call it admin user , assign required permission to it. Also setup MFA(Multi Factor Authentication) for this new admin user. Always remember to protect your account and users!

Before running terraform command we need to setup AWS Cli and configure the Access Key ID and Secret Access Key for the new Admin user. Terraform can authenticate against AWS using these API keys(Access Key ID and Secret Access Key) and create/update/Destroy resource as per our defined configurations.

Download Terraform Binary

Configure AWS command line tool on windows  and configure Access Key ID and Secret Access Key before start running Terraform command. Then install Terraform binary and configure PATH to access it from any  directory.

Now you are ready to install Terraform binary and use it!  It's very easy to install on Mac and windows.Its just single  binary file.

You can choose  any code editor you like! We will discuss few key features  if you choose Visual Studio Code  and are new to this tool.

When you  start new  Terraform project , first thing you do , define provider in your code. As you define , Terraform download corresponding plugins for that provider  , in our scenario AWS as provider.

Hello world for Terraform ! Simple few lines of code and create new server , In AWS it is called EC2 instance.

Update the user_data for the  terraform code we have written for  single server and create a new Apache web server . Its so simple !

We will update the same code for single web server  and look for the hard coded value and parametrize those. Declare variable whenever you see hard coded value . Make it more portable and reusable that should be goal for all the terraform code you write!

when you have fleet of servers , how would you scale up and down based on the usage ?  Auto Scaling Group comes handy cloud service which is used for scaling based on resource usage. Even you can set the target metric and it can track usage. It scales up and down the resources based on the target you set ! Isn't that cool !  We will do the lab  and apply  Target Tracking Policy.

What would you do when you want to multiply the number resources ? say you want 30 or 40 or 100 EC2 instances or any other resources ! you  will copy the same resource for 100 times !   Easy way is to define count parameter  and multiply the resources.

when you setup web servers in cluster  in auto scale group , it arises access problem for users as you cannot give individual server URL address to the users! You need load balancers and integrate that load balancer with Auto Scaling Group. In this scenario we have used Application Load Balancer. We will setup target group and listener resources as well.

Interpolation is very powerful in Terraform code.It can call attribute value  from any other part of terraform code or from other module and  help to create new resource. You will use it very frequently.

As you progress to write your won terraform code and work in Production environment , terraform commands are very useful n every situation. Sometime commands like , terraform target or terraform taint will save you in critical situation , big time!  Play with these commands ....

How can you declare variables  and access from other part of terraform code ? Look for any values that is hard coded and declare a variable for those , parameterize them immediately. Else , nobody can reuse your terraform stack!

How can you output attributes of  all the resources you have defined in your code and then access them from other part of your code?

Accessing readonly  remote state of another terraform stack is very useful when you just access resource (ex. security group id ) created by other stack and use it in your terraform code. One use case , you want create global security group for all the fleet of instances and anyone can access this security group id and attach to their EC2 fleet.

How do you create a IAM policy statement and use it multiple times in different roles you create ?  or you want to find EC2 instance , filter with TAGs and  perform any action on them ?  Data resource comes really handy in such scenario.

How modules are useful ?

What is module ?  Whats the syntax to declare module ?  Every Terraform configuration has at least one module, known as its root module, which consists of the resources defined in the .tf files in the main working directory.

what is module inputs ? How  can you declare module inputs ? Module variable  may or may not have default value assigned.

whats the syntax to defile module output ? how can you access them from other  terraform stack ? Module is very power for this output feature as multiple module can work together for large infrastructure and it increases reusability.

Two very important gotcha you should remember as you are writing more complex terraform code. Always use the interpolation "${path.module}" for file paths in module. And always prefer to use separate resource than inline resources , I will demonstrate you how to use them.

How can you update your module when it is used by 100s of other team members? Your update may break their terraform stack  who are using to create their infrastructure. Module versioning is the solution for that. You use git repository as source of your module. Then do a "git tag" to your update and use the tag information in terraform module source argument. Go through the demonstration and apply in your project.

store state about your managed infrastructure and configuration. This state is used by Terraform to map real world resources to your configuration, keep track of metadata, and to improve performance for large infrastructures.This state is stored by default in a local file named "terraform.tfstate", but it can also be stored remotely, which works better in a team environment. Terraform uses this local state to create plans and make changes to your infrastructure. Prior to any operation, Terraform does a refresh to update the state with the real infrastructure.

Practically , terraform  is state manager !  And thats why its popular in community !

All resource  state is stored by default in a local file named "terraform.tfstate", but it has to  be stored remotely, which works better in a team environment. Else you are the only one who can update the infrastructure as your laptop/desktop has terraform.tfstate stored locally! 

We are going to use  Amazon S3 storage for remote state storage.

what happens when two or more team member tries to run terraform on same stack ?  its dangerous situation as it might corrupt your terraform state due to race condition !

we are going to use AWS service DynamoDB to lock the state so that others will have to wait when one team member is running terraform command on the same stack.

why do we need to isolate state from DEV or QA or PROD ? Frequency of changes in DEV is many times higher than PROD. Why do we want to put production stack in risk for each update in DEV when we have DEV and PROD sharing the same state? 

We should always isolate the terraform state for each environment ! 

We should always think in terms of resources before writing the code. For EBS we need  two key resources , "aws_ebs_volume" and "aws_volume_attachment"

create IAM policy document and attach  that policy to role. You can assign the role to EC2 instance and make it instance profile. 

syntax to create new public zone and create new record.Understand all the arguments we need for route53 resource.

A complete demonstration to create  new VPC  and create private /Public subnets. Then create Internet Gateway  and attach the route resources. Create NAT gate way and attach route resource for private subnet. Understand how all the resources are created sequentially as they have dependency. 

How hard coded credentials look like so you can remove one when you find in any code. also you should avoid   embedding credentials in you terraform code at all cost.

You have probably used Assume Role in AWS console and also in  AWS CLI to create temporary credentials. and you can use the same temporary credentials to create  resources that is allowed in the role you have assumed.  However we can leverage the same in Terraform as well. We  just need to declare assume role code block in provider section.

you can prevent from displaying username , password , cluster name , customer name in terminal or sending them in a logging system. you just need to declare the argument sensitive = true. One caveat , sensitive informations still remain as clear text in state file. So make sure state file has restricted to access.

By default provider allows us to use one provider and associated regions . We cant create resources in two or more regions at teh same time unless we use alias argument. This is same  procedure when we create resources in AWS and Azure platform from same Configuration.

Use profile argument in provider section and create resources in multiple accounts in same terraform configurations.

why provisioner ? difference between local and remote provisioner ?

how can local-exec provisioner be useful to automate infrastructure stack creation ?

how can we create fleet of ec2 instances and run commands remotely , monitor at the same time how the remote commands being run ? remote-exec comes very handy . Only caveat is , you have to manage PEM/private key securely for the instances as remote-exec uses it to login and run commands on the instances remotely.  It provides visibility instantly on the console on why and when one command failed .

How can  we create identical infrastructure same as prod? and without writing terraform code ?  Workspace is very easy to use and handy to create identical infrastructure .

what are the useful workspace  commands to create identical infrastructure ? play with them...

I will demonstrate how to change code and use special interpolation to use workspace feature. The run your workspace commands to create infrastructure.

how can we create two or more identical or with  little variation infrastructure just changing the variable values ?  we can use .tfvars file in "terraform init" command as a argument. .tfvar file has variable values.  Also we need to provide  remote state bucket key information in the command line when we initialize running  "terraform init" . Basically the stack has one backend configuration  with bucket information but without Key. Now , each new stack   has to be initialized with new and unique state bucket key information to isolate the state.

One caveat to use .tfvar is that you need to tag all the resources with .tfvar  information as well . Else you don't know which resource is created by which .tfvar!