Troubleshooting a Terraform Deployment

Hands-On Lab


Photo of Travis Thomsen

Travis Thomsen

Course Development Director in Content





Our team has been working on a project to deploy some resources out to AWS using Terraform. However, there are a few bugs in the scripts, and the team member who wrote the Terraform code is out sick and unreachable. We've been asked to troubleshoot the issue and then deploy the resources to AWS.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Refactoring Terraform Code

Our team is preparing to migrate over to Terraform 0.12, and this newer version includes a lot of changes to the HashiCrop Configuration Language. Our task is refactoring some of the older Terraform code, to bring it up to the latest standards.

Logging In

Use the IP address and credentials provided on the hands-on lab overview page, and log in with SSH to the server.

Once we're in, get into the directory with the files we'll edit, by running cd lab. All of the examples here involve using Vim, but use whichever text editor is most comfortable.

Edit the Variables File


vi contents:

variable "vpc_cidr" {
  default = ""

variable "accessip" {
  default = ""

variable "service_ports" {
  default = [
      from_port = "22",
      to_port   = "22"
      from_port = "80",
      to_port   = "80"

Edit the Main File


vi contents:

resource "aws_vpc" "tf_vpc" {
  cidr_block           = var.vpc_cidr
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name = "tf_vpc"

resource "aws_security_group" "tf_public_sg" {
  name        = "tf_public_sg"
  description = "Used for access to the public instances"
  vpc_id      =

  dynamic "ingress" {
    for_each = [ for s in var.service_ports: {
      from_port = s.from_port
      to_port = s.to_port

    content {
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = "tcp"
      cidr_blocks = [var.accessip]

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [""]

Edit the Outputs File


vi contents:

output "public_sg" {
  value =

output "ingress_port_mapping" {
  value = {
    for ingress in aws_security_group.tf_public_sg.ingress:
    format("From %d", ingress.from_port) => format("To %d", ingress.to_port)

Deploy the Environment

Now we can initialize Terraform:

terraform init

This will validate the files:

terraform validate

Plan the deploy with this:

terraform plan

Finally, let's deploy the environment:

terraform apply –auto-approve


Well, we've taken the existing Terraform files and gotten them ready for Terraform 0.12, and the HashiCrop Configuration Language changes that come with it. We are finished. Congratulations!