In this lesson, we’ll deploy Amazon EC2 instances across multiple environments using a custom Terraform module and Terragrunt. By encapsulating compute configuration in a reusable module, we guarantee consistency, simplify management, and accelerate provisioning of our workloads.

Our end-to-end workflow:
  1. Build a dedicated Terraform module for EC2 provisioning.
  2. Create Terragrunt configurations for each environment (development, production).
  3. Provide environment-specific variables (instance type, AMI ID, networking).
  4. Run terragrunt init, plan, and apply.
  5. Validate security groups, key pairs, and network settings.

1. Custom Terraform Module

Create a folder structure under modules/ec2/:

| File | Purpose |
|------|---------|
| main.tf | Defines aws_instance, security group attachments, user data, etc. |
| variables.tf | Declares inputs such as instance_type, ami_id, vpc_security_group_ids, key_name. |
| outputs.tf | Exposes attributes like public IP and instance ID. |

Example: variables.tf

variable "environment" {
  description = "Deployment environment (e.g., dev, prod)"
  type        = string
}

variable "instance_type" {
  description = "EC2 instance type"
  type        = string
}

variable "ami_id" {
  description = "AMI ID for the instance"
  type        = string
}

variable "vpc_security_group_ids" {
  description = "List of security group IDs"
  type        = list(string)
}

variable "key_name" {
  description = "Key pair name for SSH access"
  type        = string
}

AMI IDs are region-specific, so make sure each environment's ami_id matches its target AWS region. You can automate the lookup via the AWS Systems Manager Parameter Store.

2. Terragrunt Configuration per Environment

Under each environment folder (environments/development/, environments/production/), define a terragrunt.hcl that points to the EC2 module and sets inputs:

# environments/development/terragrunt.hcl
terraform {
  source = "../../modules/ec2"
}

inputs = {
  environment             = "development"
  instance_type           = "t3.micro"
  ami_id                  = "ami-0123456789abcdef0"
  vpc_security_group_ids  = ["sg-0123456789abcdef0"]
  key_name                = "dev-key-pair"
}

Repeat for production, adjusting values accordingly.

Avoid committing sensitive data (e.g., private SSH keys) to version control; the key_name input only references a key pair by name. Store critical secrets in a secure vault, or use Terragrunt’s read_terragrunt_config to pull values from encrypted sources.

3. Deploying with Terragrunt

Within your chosen environment directory, execute:

terragrunt init      # Initialize the Terraform working directory
terragrunt plan      # Preview infrastructure changes
terragrunt apply     # Provision EC2 instances as defined

After deployment, verify that your security groups, key pairs, and networking settings meet your organization’s standards.
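
One way to automate the validation step, as an added example that is not part of the original lesson: it reads the JSON form of a saved plan (terraform show -json) and flags instance settings that drift from the environment's standard, such as a production plan that still carries the development key pair or security group after the configuration was copied. The POLICY table, the production values and the resource address aws_instance.this are assumptions made for illustration.

```python
# Added example: vet a Terraform/Terragrunt plan against per-environment standards.
# POLICY is hypothetical; the development row mirrors the inputs shown in this lesson.
POLICY = {
    "development": {"instance_types": {"t3.micro"}, "key_name": "dev-key-pair",
                    "security_groups": {"sg-0123456789abcdef0"}},
    "production": {"instance_types": {"m5.large"}, "key_name": "prod-key-pair",
                   "security_groups": {"sg-0fedcba9876543210"}},
}

# Constructed sample: resource_changes from `terraform show -json <planfile>`,
# trimmed to the attributes read below, for a plan built from the development inputs.
SAMPLE_PLAN = {"resource_changes": [{
    "address": "aws_instance.this", "type": "aws_instance",
    "change": {"actions": ["create"],
               "after": {"instance_type": "t3.micro", "key_name": "dev-key-pair",
                         "vpc_security_group_ids": ["sg-0123456789abcdef0"]},
               "after_unknown": {"id": True, "public_ip": True}},
}]}


def has_unknown(marker):
    """after_unknown mirrors the value's shape; True marks 'known only after apply'."""
    if isinstance(marker, dict):
        return any(has_unknown(m) for m in marker.values())
    if isinstance(marker, list):
        return any(has_unknown(m) for m in marker)
    return marker is True


def check_plan(plan, environment):
    """Return (address, attribute, reason) for each aws_instance setting that fails policy."""
    policy, findings = POLICY[environment], []
    rules = {
        "instance_type": lambda v: v in policy["instance_types"],
        "key_name": lambda v: v == policy["key_name"],
        # at least one group, and every group approved for this environment
        "vpc_security_group_ids": lambda v: bool(v) and set(v) <= policy["security_groups"],
    }
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        after = change.get("after")
        if rc.get("type") != "aws_instance" or after is None:  # None: being destroyed
            continue
        unknown = change.get("after_unknown") or {}
        for attr, allowed in rules.items():
            if has_unknown(unknown.get(attr)):
                findings.append((rc["address"], attr, "unknown until apply"))
            elif not allowed(after.get(attr)):
                findings.append((rc["address"], attr, f"{after.get(attr)!r} not allowed"))
    return findings
```

An empty result means the plan matches the standard for that environment; "unknown until apply" findings mark values that can only be checked against the deployed instance.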