AWS & Terraform Bootcamp

Deploy Real Infrastructure in the Cloud — Fast.

with Martin Feineis

Learn by Building

We'll create a serverless data storing and sharing application — using Terraform! We will be able to send message to it, and retrieve them with a unique message ID.

Architecture Diagram

Contact Form

View a Submitted Message

Sender:

Recipient:

Message:

Who Should Enroll?

  • ✅ You want to learn AWS through real projects
  • ✅ You're curious about Terraform and automation
  • ✅ You like hands-on learning with zero fluff

By the End, You'll Be Able To…

  • Provision AWS resources using Terraform
  • Can build a serverless Api with Lambda Functions
  • Understand Infrastructure as Code principles and concepts

3 Core Parts

  1. Cloud & AWS Fundamentals
  2. IaC and Terraform Basics - short and crisp
  3. Build and Deploy a Serverless API

Why I deccided to make this course

About the Instructor

I've taught, mentored, and worked in cloud infrastructure for 10+ years. Many terraform course I took only built Virtual Machines and datacenter like resources but failed to teach and take advantage of modern Cloud products and resource which also allow building applications that are cheaper, scalabale and needs less administration and management.

We'll build things, break things, and learn fast — together.

What You'll Need

  • 💻 A computer (Mac, Linux, or Windows)
  • 📝 A text editor (e.g., VS Code)
  • 🖥️ Willingness to use the command line

Let's Build Something Awesome Together!

Enroll now and get started with real-world Terraform projects.

Part 1: AWS Outline

  1. What is the Cloud and Cloud Servic Providers
  2. What is AWS?
  3. What is ClickOps?
    1. Sign up for an AWS Account
    2. Create SNS Topic through ClickOps
    3. Make a new AWS User for Terraform

What is AWS

AWS logo

AWS: is a Cloud Service Provider owned by Amazon. You can host servers, databases, networks, firewalls there like in a data center.

Resource: A Resource is an AWS object like a virtual machine, a database or a network. Resources are the building blocks of your application.

Deployment: A Deployment is the process of creating and configuring resources.

Other Cloud Providers

Cloud Service Provider Logo
Google Cloud Platform (GCP) GCP Logo
Microsoft Azure Azure Logo

Less common Cloud providers

Digital Ocean, Akamai / Linode, Vultr, Hetzner,Alibaba Cloud, Oracle Cloud

AWS regions and locations

AWS global network

AWS DEMO - Create an AWS Account

AWS Step 1

AWS DEMO - Create an AWS Account

AWS Step 2

AWS DEMO - Create an AWS Account

AWS Step 3

AWS DEMO - Create an AWS Account

AWS Step 4

AWS DEMO - Create an AWS Account

AWS Step 5

AWS DEMO - Create an AWS Account

AWS Step 6

AWS DEMO - Create an AWS Account

AWS Step 7

AWS DEMO - Create an AWS Account

AWS Step 8

AWS DEMO - Create an AWS Account

AWS Step 9

AWS DEMO - Create an AWS Account

AWS Step 10

AWS DEMO - Create an AWS Account

AWS Step 11

AWS DEMO - Create an AWS Account

AWS Step 12

SNS Topics

SNS Topics are a AWS Resources to send messages to a group of subscribers.

SNS Topics are also very quickly deployed and SNS Topics with the same name can exist in the same account making them ideal candidates to test connections between IaC tools like Terraform and AWS.

AWS DEMO - AWS Dashboard and SNS Topic

AWS DEMO - Dashboard

AWS Dashboard 1

AWS DEMO - SNS Topic

AWS SNS Topic 1

AWS DEMO - SNS Topic

AWS SNS Topic 3

AWS DEMO - SNS Topic

AWS SNS Topic 4

AWS DEMO - SNS Topic

Provide a Name or Identifier for this resource

AWS SNS Topic 5

AWS DEMO - SNS Topic

We just pick the bare minimum default options

AWS SNS Topic 6

AWS DEMO - SNS Topic

Scroll to the bottom and click the "Create topic" button

AWS SNS Topic 7

AWS DEMO - SNS Topic

That's it, the topic resource got created.

AWS SNS Topic 8

AWS DEMO - SNS Topic

Click on "Topics" on the left to verify everything is as expected

AWS SNS Topic 9

Part 2: Terraform Outline

  1. What is IaC and why not ClickOps?
  2. Installing Terraform
    1. Installing on Windows
    2. Installing on Mac
  3. Terraform Commands
    1. Main Commands: Plan, apply, destroy
    2. Other useful Commands: init, fmt, validate

Why IaC (Infrastructure as Code)

IaC makes tracking resources and deployments into AWS reliable and reproducible. IaC is scalable.

The code can be used as documentation.

What is IaC (Infrastructure as Code)

IaC are not a general purpose languages/frameworks.

IaC languages are declarative.

When applied they update the state of a system to match the IaC configuration.

Terraform

Terraform is an IaC Framework and command line toolofficial tutorial

Nomenclature:

Providers: Connectors to cloud providers like AWS or other services.

Prerequisities

Command Line access: Powershell (Windows) / Terminal (Mac/Linux)

Actions will be done both in Command Line and through Graphical User Interface (GUI) where possible.

Installation on Windows

Create Work Directory


							PS C:\> mkdir C:\terraform
							PS C:\> cd C:\terraform
						

Actions will be done both in Command Line and through Graphical User Interface (GUI) where possible.

Download Terraform

Download Terraform

Go to the Terraform Download Page

Download Terraform

Download Terraform

Download Terraform for Windows

Alternatively download it through Powershell, be aware that the command below downloads version 1.11.4. You can replace the URL with the Link from the Download Page to get the latest version.


							PS C:\> Invoke-WebRequest -Uri https://releases.hashicorp.com/terraform/1.11.4/terraform_1.11.4_windows_amd64.zip
						

Unzip terraform into Work Directory

Unzip terraform into the directory we created

Unzip Terraform

							PS C:\terraform> Expand-Archive -LiteralPath "$env:USERPROFILE\Downloads\terraform_1.11.4_windows_amd64.zip" -DestinationPath 'C:\terraform\'
						

Verifying Installation

If everything worked correctly and we type terraform in the terminal now we should see an output with the available terraform commands like this: (abbreviated)


							PS C:\terraform> .\terraform.exe
								....
							Main commands:
							init          Prepare your working directory for other commands
							validate      Check whether the configuration is valid
							plan          Show changes required by the current configuration
							apply         Create or update infrastructure
							destroy       Destroy previously-created infrastructure
								....
						

Installing Terraform on Mac

Terraform is an IaC Framework official tutorial

Nomenclature:

Providers: Connectors to cloud providers like AWS or other services.

Connecting Terraform to AWS

For terraform to know to which cloud and account to interact with we need the AWS Provider

Why Create AWS Terraform user

Human Users: Log in to the dashboard and interact with AWS in unpredicatble ways; testing new features, developing new products, etc.

Machine users: interact with or within terraform in very predictable ways and patterns and doing repetitiv work; creating files (e.g. log files) in the same location, checking status of systems every few minutes

Create AWS Terraform user

more on AWS

Login again to AWS Dashboard and search for IAM

Search for IAM

Click on Users

Click on Users

Create Users

Click on Users

Provide name for Users, but do not enable dashboard access since we only use this one for terraform.

Username

Attach Power User policy

User Policy

Attach Power User policy

User Policy

Review, verify and create

Verify user

When finished we can see the new user in the IAM Dashboard

User in Dashboard

Add Access Keys to terraform user

AWS provides username and password logins to the Dashboard for human users.

For machine users, like terraform, AWS provides Access and secret keys. In this section we create those for the terraform user we made earlier.

more info on AWS

In the IAM Dashboard select the terraform user, and click on create access key

User in Dashboard

In the IAM Dashboard select the terraform user, and click on create access key

User in Dashboard

Usecase for our keys CLI appliation. This does not change anything on the keys and is just used for AWS-internal recommendations.

User in Dashboard

Set a description

User in Dashboard

Download the key

Important, if you don't download or save the key at this point you will not be able to do so later and won't be able to use these keys. So you would have to create new keys and probably delete the ones you created here.

User in Dashboard

Access and Secret Key

The Information from the CSV file or the dasboard should look like this:

Never share those credentials and treat them with the highest security mindset.

The credentials below are fake and are only used for exmplarory purpose.


						Access key ID,Secret access key
						AKIA5FAKEKEYSTUFF,899-fake&secret&key
					

Create first terraform file

In our terraform directory, we create a new file called providers.tf and put in the code for an aws provider with the credentials from the previous section.


						provider "aws" {
							region     = "us-east-2"
							access_key = "AKIA5FAKEKEYSTUFF"
							secret_key = "899-fake&secret&key"
						  }
					

Initialize terraform

With the aws provider added we run terraform init to install the provider. The command output should look like this:


						PS C:\terraform> .\terraform.exe init
						Initializing the backend...
						Initializing provider plugins...
						- Finding latest version of hashicorp/aws...
						- Installing hashicorp/aws v5.94.1...
						- Installed hashicorp/aws v5.94.1 (signed by HashiCorp)
						....					
						Terraform has been successfully initialized!
					

Terraform commans

If you run terraform without any arguments you get a list of all available commands. The output should look like this:


						PS C:\terraform> .\terraform.exe init
						Usage: terraform [global options] $lt subcommand $gt [args]

							The available commands for execution are listed below.
							The primary workflow commands are given first, followed by
							less common or more advanced commands.
							
							Main commands:
							  init          Prepare your working directory for other commands
							  validate      Check whether the configuration is valid
							  plan          Show changes required by the current configuration
							  apply         Create or update infrastructure
							  destroy       Destroy previously-created infrastructure
							
							All other commands:
							  console       Try Terraform expressions at an interactive command prompt
							  fmt           Reformat your configuration in the standard style
							  force-unlock  Release a stuck lock on the current workspace
							  get           Install or upgrade remote Terraform modules
							  graph         Generate a Graphviz graph of the steps in an operation
							  import        Associate existing infrastructure with a Terraform resource
							  login         Obtain and save credentials for a remote host
							  logout        Remove locally-stored credentials for a remote host
							  metadata      Metadata related commands
							  modules       Show all declared modules in a working directory
							  output        Show output values from your root module
							  providers     Show the providers required for this configuration
							  refresh       Update the state to match remote systems
							  show          Show the current state or a saved plan
							  state         Advanced state management
							  taint         Mark a resource instance as not fully functional
							  test          Execute integration tests for Terraform modules
							  untaint       Remove the 'tainted' state from a resource instance
							  version       Show the current Terraform version
							  workspace     Workspace management
							
							Global options (use these before the subcommand, if any):
							  -chdir=DIR    Switch to a different working directory before executing the
											given subcommand.
							  -help         Show this help output, or the help for a specified subcommand.
							  -version      An alias for the "version" subcommand.
					

Terraform Main Commands

In this section we learn about the subcommands that terraform uses to do its job, mainly there are

  1. plan: compare IaC code, with system state and actual resources built in the cloud
  2. apply: make any changes needed to align our code with the Cloud resources
  3. destroy: Let's safe money and remove everything until we need it again.

Terraform additional usefule Commands

In this section we learn about the subcommands that terraform uses to do its job, mainly there are

  1. fmt: compare IaC code, with system state and actual resources built in the cloud
  2. apply: make any changes needed to align our code with the Cloud resources
  3. destroy: Let's safe money and remove everything until we need it again.

Remaining Commands

The remaining commands are advanced and I will cover them in a future video of this series.

Building resources quickly

To find the neccessary syntax for a given rerources we can go to the AWS provider docs on the Hashicorp Website.

Add SNS test resource

To test that terraform works correctly we create a test resource, it should adhere to these requirements:

  1. just a few lines of code
  2. deploys quickly
  3. no dependecies on other resources

SNS topics are perfect for this, they only need 3 lines of code, deploy within a few seconds and can exist by and on itself. VPCs (virtual networks) need more code, and S3 buckets have to be globally unique making them less suitable for testing.

so lets create a file named main.tf an put in the following code. The code and more info can be found here


						resource "aws_sns_topic" "test_topics" {
							name = "first-test-resource"
						  }
					

terraform planning

Running terraform plan we get some output like the one below showing us which resources terraform would created (marked with a green + ), destroy (marked with a red - ) or changed (marked with a yello ~)


						PS C:\terraform> .\terraform.exe plan
						Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
						+ create
					  
					  	Terraform will perform the following actions:
					  
						# aws_sns_topic.test_topics will be created
						+ resource "aws_sns_topic" "test_topics" {
							+ arn                         = (known after apply)
							+ beginning_archive_time      = (known after apply)
							+ content_based_deduplication = false
							+ fifo_topic                  = false
							+ id                          = (known after apply)
							+ name                        = "first-test-resource"
							+ name_prefix                 = (known after apply)
							+ owner                       = (known after apply)
							+ policy                      = (known after apply)
							+ signature_version           = (known after apply)
							+ tags_all                    = (known after apply)
							+ tracing_config              = (known after apply)
						  }
					  
					  Plan: 1 to add, 0 to change, 0 to destroy.
					

terraform applying

Running terraform plan we get some output like the one below showing us which resources terraform would created (marked with a green + ), destroy (marked with a red - ) or changed (marked with a yello ~)


						PS C:\terraform> .\terraform.exe plan
						Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
						+ create
					  
					  Terraform will perform the following actions:
					  
						# aws_sns_topic.test_topics will be created
						+ resource "aws_sns_topic" "test_topics" {
							+ arn                         = (known after apply)
							+ beginning_archive_time      = (known after apply)
							+ content_based_deduplication = false
							+ fifo_topic                  = false
							+ id                          = (known after apply)
							+ name                        = "first-test-resource"
							+ name_prefix                 = (known after apply)
							+ owner                       = (known after apply)
							+ policy                      = (known after apply)
							+ signature_version           = (known after apply)
							+ tags_all                    = (known after apply)
							+ tracing_config              = (known after apply)
						  }
					  
					  Plan: 1 to add, 0 to change, 0 to destroy.
					  
					  Do you want to perform these actions?
						Terraform will perform the actions described above.
						Only 'yes' will be accepted to approve.
					  
						Enter a value: yes
					  
					  aws_sns_topic.test_topics: Creating...
					  aws_sns_topic.test_topics: Creation complete after 1s [id=arn:aws:sns:us-east-2:929529788344:first-test-resource]
					  Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
					

terraform applying

Running terraform plan we get some output like the one below showing us which resources terraform would created (marked with a green + ), destroy (marked with a red - ) or changed (marked with a yello ~)


						PS C:\terraform> .\terraform.exe plan
						Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
						+ create
					  
					  Terraform will perform the following actions:
					  
						# aws_sns_topic.test_topics will be created
						+ resource "aws_sns_topic" "test_topics" {
							+ arn                         = (known after apply)
							+ beginning_archive_time      = (known after apply)
							+ content_based_deduplication = false
							+ fifo_topic                  = false
							+ id                          = (known after apply)
							+ name                        = "first-test-resource"
							+ name_prefix                 = (known after apply)
							+ owner                       = (known after apply)
							+ policy                      = (known after apply)
							+ signature_version           = (known after apply)
							+ tags_all                    = (known after apply)
							+ tracing_config              = (known after apply)
						  }
					  
					  Plan: 1 to add, 0 to change, 0 to destroy.
					  
					  Do you want to perform these actions?
						Terraform will perform the actions described above.
						Only 'yes' will be accepted to approve.
					  
						Enter a value: yes
					  
					  aws_sns_topic.test_topics: Creating...
					  aws_sns_topic.test_topics: Creation complete after 1s [id=arn:aws:sns:us-east-2:929529788344:first-test-resource]
					  Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
					

terraform applying

After removing the sns topic from the main.tf file and running terraform plan we see in the output below how terraform would remove the sns topic if we ran terraform apply.


						PS C:\terraform> .\terraform.exe plan
						aws_sns_topic.test_topics: Refreshing state... [id=arn:aws:sns:us-east-2:929529788344:first-test-resource]
						hoolahoop
whyisitnotworking
						Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
						  - destroy
						
						Terraform will perform the following actions:
						
						  # aws_sns_topic.test_topics will be destroyed
						  # (because aws_sns_topic.test_topics is not in configuration)
						  - resource "aws_sns_topic" "test_topics" {
							  - application_success_feedback_sample_rate = 0 -> null
							  - arn                                      = "arn:aws:sns:us-east-2:929529788344:first-test-resource" -> null
							  - content_based_deduplication              = false -> null
							  - fifo_topic                               = false -> null
							  - firehose_success_feedback_sample_rate    = 0 -> null
							  - http_success_feedback_sample_rate        = 0 -> null
							  - id                                       = "arn:aws:sns:us-east-2:929529788344:first-test-resource" -> null
							  - lambda_success_feedback_sample_rate      = 0 -> null
							  - name                                     = "first-test-resource" -> null
							  - owner                                    = "929529788344" -> null
							  - policy                                   = jsonencode(
									{
									  - Id        = "__default_policy_ID"
									  - Statement = [
										  - {
											  - Action    = [
												  - "SNS:GetTopicAttributes",
												  - "SNS:SetTopicAttributes",
												  - "SNS:AddPermission",
												  - "SNS:RemovePermission",
												  - "SNS:DeleteTopic",
												  - "SNS:Subscribe",
												  - "SNS:ListSubscriptionsByTopic",
												  - "SNS:Publish",
												]
											  - Condition = {
												  - StringEquals = {
													  - "AWS:SourceOwner" = "929529788344"
													}
												}
											  - Effect    = "Allow"
											  - Principal = {
												  - AWS = "*"
												}
											  - Resource  = "arn:aws:sns:us-east-2:929529788344:first-test-resource"
											  - Sid       = "__default_statement_ID"
											},
										]
									  - Version   = "2008-10-17"
									}
								) -> null
							  - signature_version                        = 0 -> null
							  - sqs_success_feedback_sample_rate         = 0 -> null
							  - tags_all                                 = {} -> null
								# (17 unchanged attributes hidden)
							}
						
						Plan: 0 to add, 0 to change, 1 to destroy.
						
						───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
						
						Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
					

Part 3

Creating a Lambda Function

Lambda Functions are AWS Resources that can run functions of code. They can be used to retrieve, send or edit information. Lambda functions also run in the cloud without the need to provision a server.AWS Lambda

What we are going to build

Serverless API to read and sava arbitrary text data

Architecture Diagram

In this course we will be focusing on building resources, in the second part of this series we will dive deeper into the more advanced topics and structures of terraform.

Dynamo Database

Create a new file named database.tf it will contain the configuration for a Database in AWS


					resource "aws_dynamodb_table" "data_store" {
						name         = "data-store"
						hash_key     = "id"
						billing_mode = "PAY_PER_REQUEST"
						attribute {
						  name = "id"
						  type = "N"
						}
					

What does this code do?


				resource "aws_dynamodb_table" "data_store" {
					name         = "our-db"
					hash_key     = "id"
					billing_mode = "PAY_PER_REQUEST"
					attribute {
					  name = "id"
					  type = "N"
					}
				

Line 1 tells terraform this block is a resource of type aws_dynamodb_table with the name data_store. Line set the AWS Name to our-db. Important: data_store is the reference for terraform, while our-db is the name in AWS. AWS has no concept of the terraform reference name. Line 3 sets the hash_key to the field, "id" and Line 4 set the billing mode is set to PAY_PER_REQUEST, which means that you will be charged based on the number of requests made to the table, and since we will not make a lot of requests this is the cheapest option. Line 5 defines an attribute for the table, in this case the attribute id is defined as a number type (N). Finally, it tags the resource with the project name udemy

Lambda Functions

Lambda functions can execute code in the AWS withouth the need to provision servers. The terraform configuration can be seen here

IAM - Permission management (Quick intro)

In this course we are using 3 differnet objects to manage permissions in AWS.

  • IAM Users: We created a user for us and for terraform to interact with our AWS account.
  • IAM Roles: We are creating a role for the lambda functions and Apigateway to interact with each other.
  • IAM Policies: We already have policies attached to the users and will do so to the roles as well.

IAM - Roles

Roles differ from Users as they meant to be used by other AWS services. They also don't have a password or access keys. Instead, they are assumed by other AWS services or users.

IAM - Policies

IAM Policies are documents written in JSON that define permissions for AWS resources. They can be attached to users, groups or roles. They are used to define what actions are allowed or denied on specific resources.

IAM - Permission management (Quick intro)

For the Lambda Role to interact with other Resources in AWS (APi Gateway and Dynamo Database) it needs to have thoser permissions in AWS. This can be done by using an IAM Role. The terraform configuration can be seen here

Terraform IAM Role

Create a new file named iam.tf


						resource "aws_iam_role" "test_role" {
							name = "test_role"
						  
							# Terraform's "jsonencode" function converts a
							# Terraform expression result to valid JSON syntax.
							assume_role_policy = jsonencode({
							  Version = "2012-10-17"
							  Statement = [
								{
								  Action = "sts:AssumeRole"
								  Effect = "Allow"
								  Sid    = ""
								  Principal = {
									Service = "ec2.amazonaws.com"
								  }
								},
							  ]
							})
						  }
					

We create a new file send_lambda.tf

Why are we creating so many files?

Some terraform projects only have 3-4 files named like main.tf, variables.tf, outputs.tf and providers.tf. When terraform runs in directory it reads all files with terraform extension like; .tf .tfjson then it organizes the resources and builds or updates them. I recommend using meaningful filenames so that we can rely information to a reader without them having to open the file.

Lambda POST Function

Serverless API to read and sava arbitrary text data

Api Gateway

Serverless API to read and sava arbitrary text data