What is Terraform?

Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as On-premise datacenters.

Hence It is called as Infrastructure as a Code.

In this article, We will learn to Create RDS Instances using Terraform

Installing Terraform:

If you havn’t installed terraform yet, You can go ahead and install using the below article.

Setup Terraform in Ubuntu

Setting up Project Directory:

This is the place where you will store all the terraform files.

So What we are going to do is, we will create a folder and inside that we will create terraform files.

We need to create following files:

creds.tf , providers.tf , .gitignore , main.tf

Terraform will automatically pick all the .tf files within the directory.

Explanation of .tf files:


This is the place where we will store all the AWS secrets such as Access Key ID , Secret Key, Region.

What not to do with Access Keys?

It is always recommended not to use aws access and secret keys directly ina file.

What should we do?

Instead, We will setup awscli, an open source tool that enables you to interact with AWS services using commands in your command-line shell.

Then we will add AWS keys to /home/rahul/.aws/credentials file.

We will ask the terraform to use particular profile when it runs.

I have written an article on , How to install AWS CLI, configure profiles and use it for Terraform.

Install AWS CLI in Ubuntu

aws_access_key – It makes an API call to AWS resources from your machine.

aws_secret_key – Secret Access Key that’s associated with Access Key.

aws_region – The AWS region where you want to create all your resources.


Create RDS Instance

Providers are interfaces to the services that will maintain our resources.There are many cloud providers supported by terraform such as AWS, Azure and Google Cloud, IBM, Oracle Cloud, Digital Ocean.

Hence Amazon Web Services is One Provider.

The AWS Provider requires Access_Key (Which IAM user the terraform should use ) and Secret_key (Allows Authentication) and aws_region represents where the terraform should initiate creating the infrastructure.


You can change the name of this file as per the requirement and based on the Directory structure.

This section can be segregated into 2 parts:

  • Launch an RDS instance from Scratch
  • Launch an RDS instance from latest snapshot

Launch RDS Instance from Scratch:

When launching an RDS Instance for the First time, You need to create Subnet groups, Security Groups , Parameter groups , If you are planning to launch it in a desired VPC and Subnet group.

If you dont have any such requirements, You can use the below terraform script to launch your first RDS instance using terraform.

resource "aws_db_instance" "default" {
allocated_storage = 20
identifier = "testinstance"
storage_type = "gp2"
engine = "mysql"
engine_version = "5.7"
instance_class = "db.m4.large"
name = "test"
username = "admin"
password = "[email protected]"
parameter_group_name = "default.mysql5.7"

aws_db_instance – RDS is the resource we are creating

identifier – unique name for the DB Instance

engine_version – What is the database engine version you want to use

If you want to launch RDs instance in a custom VPC and subnet groups,You can create the same using Terraform.

The VPC where you want to create RDS Instance

resource "aws_vpc" "main" {
cidr_block = ""

A subnet group from Different Availability zones is a minimum requirement before creating an RDS Instance.

Here is the private subnet creation in AZ – A:

resource "aws_subnet" "private-subnet1" {
vpc_id = "${aws_vpc.main.id}"
cidr_block = ""
availability_zone = "AZ-a of the Region"

Here is the private subnet creation in AZ – B:

resource "aws_subnet" "private-subnet2" {
vpc_id = "${aws_vpc.main.id}"
cidr_block = ""
availability_zone = "AZ-b of the region"

Finally We are creating a subnet group using the above subnets A and B:

resource "aws_db_subnet_group" "db-subnet" {
name = "DB subnet group"
subnet_ids = ["${aws_subnet.private-subnet1.id}", "${aws_subnet.private-subnet2.id}"]}

And We have to pass DB subnet group parameter in the main script to use the subnet group which we have created.

db_subnet_group_name = "${aws_db_subnet_group.db-subnet.name}"

Now we have everything in place.

You can now run terraform plan to check what will happen if we execute the scripts.

Apply the terraform script to create RDS instance:

terraform apply
Create RDS Instance
Create RDS Instance

Now We know how to create an RDS instance from Scratch using Terraform.

Launch an RDS Instance using snapshot:

There comes an requirement where you want to launch an RDS instance from existing DB instance.

In this case, We will create a snapshot of the existing RDS instance and use to launch an New RDS Instance with same data.

Consider you have an snapshot in place, Let’s go ahead and create an DB instance using it.

Here is the terraform script,

We are checking for the latest snapshot of the “testinstance” DB instance.

data "aws_db_snapshot" "db_snapshot" {
most_recent = true
db_instance_identifier = "testinstance"

Once the snapshot is found from the identifier of the DB instance, We will pass snapshot_identifier in the main script to launch RDS instance from the snapshot. Here is the script for that,

resource "aws_db_instance" "db_test" {
instance_class = "db.t2.small"
identifier = "newtestdb"
username = "test"
password = "[email protected]"
publicly_accessible = false
db_subnet_group_name = "${aws_db_subnet_group.db-subnet.name}"
snapshot_identifier = "${data.aws_db_snapshot.db_snapshot.id}"
vpc_security_group_ids = ["sg-00h62b79"]skip_final_snapshot = true

You can add / modify the script as per your requirements.

Now that we have all the configurations in place.

Now run terraform apply to create RDS instance using snapshot.

I hope this article helped you to save time from creating DB Instances using console.

If you liked it , Check out my other articles,