HashiCorp : Terraform Cloud

Terraform Cloud Workspaces

Lab Solution Local Execution

In this guide, we’ll walk through configuring and running Terraform Cloud Workspaces using local execution mode. Follow each step to authenticate, set up AWS credentials, create your workspace, and manage your infrastructure—all from your local machine.

The image shows a KodeKloud lab interface for "Terraform Cloud Workspace - Local Execution," with instructions and shortcuts for using VS Code on the left and a file explorer with a README.md file open on the right.

Table of Contents

  1. Authenticate the CLI with Terraform Cloud
  2. Configure AWS Credentials
  3. Create a Terraform Cloud Workspace
  4. Match Versions & Set Execution Mode
  5. Initialize, Plan, and Apply
  6. Verify in Terraform Cloud
  7. Tear Down Infrastructure

1. Authenticate the CLI with Terraform Cloud

First, log in to Terraform Cloud from your terminal:

terraform login

Follow the on-screen prompts to generate a new API token.

The image shows a web interface for creating an API token on Terraform Cloud, with a dialog box prompting for a description.

When prompted, paste your API token into the terminal. Successful authentication will display your user ID and a confirmation message.

CommandDescription
terraform loginAuthenticate your local CLI with Terraform Cloud

2. Configure AWS Credentials

Export your AWS credentials as environment variables:

export AWS_ACCESS_KEY_ID=YOUR_AWS_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY=YOUR_AWS_SECRET_ACCESS_KEY

Warning

Never commit your AWS credentials or API tokens to version control. Use environment variables or a secrets manager.

Note

These lab environments automatically tear down after one hour, so your temporary credentials remain safe.

Environment VariablePurpose
AWS_ACCESS_KEY_IDAWS API access key
AWS_SECRET_ACCESS_KEYAWS API secret key

3. Create a Terraform Cloud Workspace

In Terraform Cloud’s web UI:

  1. Select your organization.
  2. Click New Workspace → CLI-driven workflow.
  3. Enter:
    • Name: devops-aws-myapp-dev
    • Description: Development environment for MyApp on AWS.

The image shows a web interface for creating a new workspace in Terraform Cloud, with fields for entering a workspace name and description. There are options to configure settings and buttons to create or cancel the workspace creation.

Add the following backend configuration to backend.tf (or your chosen .tf file):

terraform {
  cloud {
    organization = "Mastering-Terraform-Cloud"
    workspaces {
      name = "devops-aws-myapp-dev"
    }
  }
}

4. Match Versions & Set Execution Mode

Ensure your local Terraform version matches the workspace setting:

terraform version

In Terraform Cloud’s UI, go to Workspace → Settings → General, then:

  • Set Terraform Version to match your local client.
  • Change Execution Mode to Local.
  • Save your changes.

The image shows the General Settings page of a Terraform Cloud workspace, with fields for ID, Name, Description, Execution Mode, and Remote State Sharing options.

5. Initialize, Plan, and Apply

Initialize your local directory and review the execution plan:

terraform init
terraform plan

Expected plan output:

Plan: 23 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + clumsy-bird-ip  = (known after apply)
  + clumsy-bird-url = (known after apply)

Apply your configuration:

terraform apply -auto-approve

Sample apply summary:

Apply complete! Resources: 23 added, 0 changed, 0 destroyed.

Outputs:
  clumsy-bird-ip  = "http://18.214.74.214:8001"
  clumsy-bird-url = "http://ec2-18-214-74-214.compute-1.amazonaws.com:8001"

6. Verify in Terraform Cloud

Navigate to Workspace → Runs and inspect the latest run. You’ll see resource details and outputs:

{
  "outputs": {
    "clumsy-bird-ip": {
      "value": "http://18.214.74.214:8001",
      "type": "string"
    },
    "clumsy-bird-url": {
      "value": "http://ec2-18-214-74-214.compute-1.amazonaws.com:8001",
      "type": "string"
    }
  },
  "resources": [
    {
      "mode": "data",
      "type": "aws_ami",
      "name": "ubuntu",
      "provider": "provider.terraform.io/hashicorp/aws"
    }
  ]
}

7. Tear Down Infrastructure

When testing is complete, destroy all resources:

terraform destroy -auto-approve

Confirm the teardown:

Plan: 0 to add, 0 to change, 23 to destroy.
Do you really want to destroy all resources in workspace "devops-aws-myapp-dev"? ... yes ...
Apply complete! Resources: 0 added, 0 changed, 23 destroyed.

Watch Video

Watch video content

Practice Lab

Practice lab

Previous
Terraform Cloud Workspaces