# Terraform AWS EC2 Deployment

This project provisions an Amazon EC2 instance on AWS using Terraform, installs Apache (httpd), and serves a simple web page.

It uses:

- Remote backend in S3 for Terraform state
- DynamoDB for state locking
- Default VPC and subnet
- Security Group allowing HTTP (port 80)

## Project Structure

```
├── backend.tf     # Remote backend (S3 + DynamoDB)
├── main.tf        # Core infrastructure (EC2, SG, AMI, VPC)
├── variables.tf   # Input variables
├── outputs.tf     # Terraform outputs
├── versions.tf    # Terraform & provider version constraints
└── readme.md      # Project documentation
```

## Infrastructure Created

This Terraform configuration provisions:

- 1 EC2 instance (Amazon Linux 2023)
- Security Group (HTTP only, port 80 open to public)
- Apache Web Server installed via `user_data`
- Public IP assigned automatically
- Remote state stored in S3
- State locking using DynamoDB

## Backend Configuration

Remote state is stored in:

- S3 Bucket: `pathnex-feb-2026-batch`
- Key: `pathnex/terraform.tfstate`
- Region: `us-east-1`
- DynamoDB Table: `terraform-locks`
- Encryption: Enabled

## Requirements

- Terraform >= 1.6.0
- AWS Provider ~> 5.0
- AWS CLI configured
- AWS profile configured

Example:

```
export AWS_PROFILE=pathnex
```

## Variables

| Variable | Description | Default |
|----------|-------------|---------|
| `aws_region` | AWS region | `us-east-1` |
| `instance_type` | EC2 instance type | `t3.micro` |
| `name_prefix` | Name prefix for tags | `Pathnex-Feb-2026` |
| `tags` | Common resource tags | `{ Project = "terraform-class" }` |

## How to Deploy

1. Format Code (Best Practice). Always format Terraform code before deployment:

   ```
   terraform fmt -recursive
   ```

2. Initialize Terraform:

   ```
   terraform init
   ```

3. Validate Configuration:

   ```
   terraform validate
   ```

4. Plan Deployment:

   ```
   terraform plan
   ```

5. Apply Infrastructure:

   ```
   terraform apply
   ```

   Type `yes` when prompted.

## Access the Web Server

After successful deployment, Terraform will output:

- `instance_id`
- `public_ip`
- `web_url`

Example: `web_url = http://`

Open the URL in your browser to see:

```
Hello All, Today is 18 Feb 2026 and ec2 creation with the help of terraform is successful
```

You can change it in the `user_data` section in `main.tf`.

## Security Group Rules

Inbound:

- Port 80 (HTTP) → 0.0.0.0/0

Outbound:

- All traffic allowed

## How This Can Be Improved for Production

In production, the following improvements should be implemented:

### Networking & Security

- Place EC2 instances in private subnets
- Use an Application Load Balancer (ALB) for public traffic
- Allow traffic only from ALB Security Group → EC2 Security Group
- Enable HTTPS (port 443) with SSL certificates
- Restrict Security Group CIDR ranges
- Use NACLs for additional network control
- Enable VPC Flow Logs
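
The "ALB Security Group → EC2 Security Group" rule from the list above, as an added Terraform example that is not part of this project's `main.tf`. The resource names `alb` and `web` and the `example-` name prefixes are assumptions; if `main.tf` already declares a default-VPC data source, reuse that one instead of the one shown here.

```hcl
# Added example: names "alb", "web" and the "example-" prefixes are hypothetical.
data "aws_vpc" "default" {
  default = true
}

# Load balancer SG: the only group that accepts traffic from 0.0.0.0/0.
resource "aws_security_group" "alb" {
  name_prefix = "example-alb-"
  vpc_id      = data.aws_vpc.default.id

  ingress {
    description = "HTTPS from the internet"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    description = "HTTP to targets inside the VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [data.aws_vpc.default.cidr_block]
  }
}

# Instance SG: replaces cidr_blocks = ["0.0.0.0/0"] on port 80 with a
# reference to the ALB SG, so only the load balancer can reach Apache.
resource "aws_security_group" "web" {
  name_prefix = "example-web-"
  vpc_id      = data.aws_vpc.default.id

  ingress {
    description     = "HTTP from the ALB only"
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }

  egress {
    description = "Outbound for package installs, as in the current setup"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```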

### Identity & Access

- Use IAM Roles (no static credentials)
- Follow least-privilege IAM policies
- Enable MFA for AWS users

### Monitoring & Logging

- Enable CloudWatch Logs
- Enable CloudWatch Alarms
- Enable AWS Config
- Enable GuardDuty

### Data Protection

- Enable EBS encryption
- Enable S3 versioning on backend bucket
- Enable S3 bucket access logging

### High Availability & Scaling

- Use Auto Scaling Group (ASG)
- Use Launch Templates
- Deploy across multiple Availability Zones
- Add Health Checks

### DevOps Best Practices

- Use separate environments (dev/stage/prod)
- Use remote variable files
- Integrate with CI/CD (GitHub Actions / Terraform Cloud)
- Add security scanning (tfsec, checkov)
- Use pre-commit hooks
- Implement modular Terraform structure

## Destroy Infrastructure

To remove all created resources:

```
terraform destroy
```

## Tags Used

Resources are tagged with:

- `Project = terraform-class`
- `Name = pathnex-feb-tf-instance`
- `batch = Pathnex-Feb-2026`

## Learning Objectives Covered

- Terraform remote backend configuration
- State locking using DynamoDB
- EC2 provisioning
- Security Groups
- Data sources (VPC, Subnets, AMI)
- User data scripting
- Outputs
- Terraform formatting (`terraform fmt`)
- Infrastructure as Code best practices

## Author

www.youtube.com/@pathnex