Terraform Cheatsheet

Initialize Workspace

Downloads and configures the providers referenced in your Terraform code and prepares the working directory:

terraform init

Resource: https://learn.hashicorp.com/tutorials/terraform/eks

Run the terraform code

terraform apply

Destroy all terraform resources

terraform destroy

List all resources tracked in the state

terraform state list

Resource: https://github.com/hashicorp/terraform/issues/12917

Import existing resources

This particular example will import the OPTIONS method from an API gateway.

Put the following in main.tf:

resource "aws_api_gateway_method" "options_method" {
  # placeholder: fill in the arguments shown by `terraform show` after the import
}

Then run this command to import it:

/usr/local/bin/terraform import aws_api_gateway_method.options_method <api_gateway_id>/<api_resource_id>/OPTIONS

You can see the attributes of the imported resource by running this command:

terraform show

Another example (import the POST gateway method):
Put the following in main.tf:

resource "aws_api_gateway_method" "post_method" {
  # placeholder: fill in the arguments shown by `terraform show` after the import
}

Command to import:

/usr/local/bin/terraform import aws_api_gateway_method.post_method <api_gateway_id>/<api_resource_id>/POST

One last example (import a stage):
Put the following in main.tf:

resource "aws_api_gateway_stage" "<stage_name>" {
  # placeholder: fill in the arguments shown by `terraform show` after the import
}

Command to import:

/usr/local/bin/terraform import aws_api_gateway_stage.<stage_name> <api_gateway_id>/<stage_name>


Secrets Manager

Create blank secret:

resource "aws_secretsmanager_secret" "IRCSecrets" {
  name        = "irc/client/credentials"
  description = "My IRC client credentials"
}

Resource: https://gist.github.com/anttu/6995f20e641d4f30a6003520f70608b3
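The blank secret above is the right shape: create the container in Terraform and keep the secret value out of it, because any value passed through aws_secretsmanager_secret_version is written in plaintext to the Terraform state. The following is an added example, not code from the original cheatsheet or the linked gist; it adds a customer-managed KMS key, a recovery window, and a resource policy that limits reads to one role. The variable irc_client_role_arn and the resource names are assumptions.

```hcl
# Added example (not from the original cheatsheet).
# Secret container encrypted with a customer-managed key; the VALUE is
# populated out of band so it never lands in the Terraform state file.

resource "aws_kms_key" "secrets" {
  description         = "CMK for Secrets Manager secrets"
  enable_key_rotation = true
}

resource "aws_secretsmanager_secret" "irc_secrets" {
  name                    = "irc/client/credentials"
  description             = "My IRC client credentials"
  kms_key_id              = aws_kms_key.secrets.arn
  recovery_window_in_days = 7 # soft-delete window; deletion can be cancelled within it
}

# ARN of the role that runs the IRC client (assumed input).
variable "irc_client_role_arn" {
  type        = string
  description = "Role allowed to read the IRC credentials"
}

# Resource policy on the secret itself: only that role may read the value.
data "aws_iam_policy_document" "irc_secret_read" {
  statement {
    sid       = "AllowIrcClientRead"
    effect    = "Allow"
    actions   = ["secretsmanager:GetSecretValue"]
    resources = ["*"] # in a secret's resource policy, "*" means this secret only

    principals {
      type        = "AWS"
      identifiers = [var.irc_client_role_arn]
    }
  }
}

resource "aws_secretsmanager_secret_policy" "irc_secrets" {
  secret_arn = aws_secretsmanager_secret.irc_secrets.arn
  policy     = data.aws_iam_policy_document.irc_secret_read.json
}
```

After `terraform apply`, put the value in with the CLI rather than Terraform, e.g. `aws secretsmanager put-secret-value --secret-id irc/client/credentials --secret-string file://creds.json`. Terraform then manages the container, encryption and access policy while the state file never contains the credential. Whatever does end up in state (the role ARNs and key IDs here, resource attributes elsewhere) still warrants an access-controlled, encrypted backend.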

Create an IAM role for an EC2 instance and attach it via an instance profile


# IAM role that EC2 instances assume (via sts:AssumeRole) to obtain temporary credentials
resource "aws_iam_role" "ec2_iam_role" {
  name               = "ec2_iam_role"
  assume_role_policy = file("iam_role_policy.json")

  tags = {
    Name = "ec2_iam_role"
  }
}

# Instance profile: the container that attaches the role to an instance
resource "aws_iam_instance_profile" "ec2_iam_instance_profile" {
  name = "ec2_iam_instance_profile"
  role = aws_iam_role.ec2_iam_role.name
}

# Policy for ansible control nodes
resource "aws_iam_role_policy" "ec2_iam_role_policy" {
  name   = "ec2_iam_role_policy"
  role   = aws_iam_role.ec2_iam_role.id # the original "ec2_iam_role.id" is not a valid reference
  policy = file("ec2_iam_role_policy.json")
}


iam_role_policy.json - the trust policy that lets the EC2 service assume the role:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": "sts:AssumeRole",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            },
            "Effect": "Allow",
            "Sid": ""
        }
    ]
}

ec2_iam_role_policy.json - this will vary based on what you want your EC2 instance to do. Here's an example that allows it to do a bunch of logging stuff:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                ...
            ],
            "Resource": [
                ...
            ]
        }
    ]
}


resource "aws_instance" "ec2_node" {
  ami                         = "ami-07dd19a7900a1f049"
  instance_type               = "t3.medium"
  key_name                    = "ec2-key"
  # Enable termination protection
  disable_api_termination     = true
  vpc_security_group_ids      = [aws_security_group.name1.id, aws_security_group.name2.id]
  subnet_id                   = "your_subnet_id"
  associate_public_ip_address = true
  # Reference, not a quoted string: the original quoted value would be sent to AWS literally
  iam_instance_profile        = aws_iam_instance_profile.ec2_iam_instance_profile.name

  root_block_device {
    volume_size           = 100
    delete_on_termination = true
  }

  tags = {
    Name = "ec2_node"
  }
}
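The role, instance profile and instance above work, but the permissions policy is whatever happens to be in the JSON file and the instance hands out the role's credentials to anything that can reach the metadata service. The block below is an added example, not code from the original cheatsheet: the same three objects plus the instance, with the trust and permissions policies built from aws_iam_policy_document (no external JSON files), permissions scoped to a single log group instead of "Resource": "*", and IMDSv2 required on the instance. The log group name, retention period and the security-group references are assumptions; the AMI, key and subnet values are the cheatsheet's own placeholders.

```hcl
# Added example (not from the original cheatsheet): least-privilege logging
# role for an EC2 node, exposed over IMDSv2 only.

# Trust policy: only the EC2 service may assume this role.
data "aws_iam_policy_document" "ec2_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ec2_iam_role" {
  name               = "ec2_iam_role"
  assume_role_policy = data.aws_iam_policy_document.ec2_trust.json
}

# The one log group this instance is allowed to write to (name assumed).
resource "aws_cloudwatch_log_group" "ec2_node" {
  name              = "/ec2/ec2_node"
  retention_in_days = 90
}

# Permissions policy scoped to that log group and its streams.
data "aws_iam_policy_document" "ec2_logging" {
  statement {
    sid    = "WriteOwnLogGroup"
    effect = "Allow"
    actions = [
      "logs:CreateLogStream",
      "logs:DescribeLogStreams",
      "logs:PutLogEvents",
    ]
    resources = [
      aws_cloudwatch_log_group.ec2_node.arn,
      "${aws_cloudwatch_log_group.ec2_node.arn}:*",
    ]
  }
}

resource "aws_iam_role_policy" "ec2_iam_role_policy" {
  name   = "ec2_iam_role_policy"
  role   = aws_iam_role.ec2_iam_role.id
  policy = data.aws_iam_policy_document.ec2_logging.json
}

resource "aws_iam_instance_profile" "ec2_iam_instance_profile" {
  name = "ec2_iam_instance_profile"
  role = aws_iam_role.ec2_iam_role.name
}

resource "aws_instance" "ec2_node" {
  ami                     = "ami-07dd19a7900a1f049"
  instance_type           = "t3.medium"
  key_name                = "ec2-key"
  subnet_id               = "your_subnet_id"
  vpc_security_group_ids  = [aws_security_group.name1.id] # assumed to exist elsewhere
  disable_api_termination = true
  iam_instance_profile    = aws_iam_instance_profile.ec2_iam_instance_profile.name

  # IMDSv2 only: a PUT-obtained session token is required before the metadata
  # service returns role credentials, which stops the common SSRF-to-IMDS
  # credential theft. Hop limit 1 keeps the token response from being
  # forwarded beyond the instance itself.
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }

  root_block_device {
    volume_size           = 100
    delete_on_termination = true
    encrypted             = true
  }

  tags = {
    Name = "ec2_node"
  }
}
```

Two design notes. Generating both policies from aws_iam_policy_document keeps the trust and permissions statements visible in the plan diff, so a change that widens the principal or the resource list shows up in review rather than hiding in a separate JSON file. The hop limit of 1 is deliberate but has a known cost: workloads in containers that reach IMDS through the host's NAT will fail to fetch credentials, so raise it to 2 for those hosts rather than dropping back to http_tokens = "optional".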


Import existing IAM role

  1. Create a directory and run terraform init
  2. Create a placeholder like so:

resource "aws_iam_role" "yourrolename" {
  name               = "yourrolename"
  assume_role_policy = "{}"
}

  3. Run this command to import the existing role:

terraform import aws_iam_role.yourrolename <the name of the existing role>

  4. Run terraform show to get the block of terraform code that you'll want to implement

Resource: https://mklein.io/2019/09/30/terraform-import-role-policy/
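Both the API gateway imports earlier on this page and the IAM role import just above follow the same pattern: write a placeholder block, run `terraform import`, then copy attributes out of `terraform show`. The following is an added example, not from the cheatsheet or the linked post, showing the same imports done declaratively with the import block Terraform 1.5 introduced, which lets Terraform generate the placeholder configuration and puts the import through a reviewable plan. The angle-bracket IDs are the cheatsheet's placeholders; "existing-role-name" and the resource label for the stage are assumptions.

```hcl
# Added example (not from the original cheatsheet): declarative imports.
# Each block pairs an address in the configuration with the provider's
# import ID, exactly the two arguments `terraform import` takes on the CLI.

import {
  to = aws_api_gateway_method.options_method
  id = "<api_gateway_id>/<api_resource_id>/OPTIONS"
}

import {
  to = aws_api_gateway_method.post_method
  id = "<api_gateway_id>/<api_resource_id>/POST"
}

import {
  to = aws_api_gateway_stage.stage
  id = "<api_gateway_id>/<stage_name>"
}

import {
  to = aws_iam_role.yourrolename
  id = "existing-role-name" # assumed; the IAM role import ID is the role name
}
```

Run `terraform plan -generate-config-out=generated.tf` once: for every import target that has no resource block yet, Terraform writes one to generated.tf with the attributes read from the live resource, replacing the manual `terraform show` copy step. Review that file before applying, in particular the generated assume_role_policy for the role and any attribute the provider marks sensitive, since after `terraform apply` those values live in the state file. The import blocks can be deleted once the apply has succeeded.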