100 Days of Red Team


Terraform Fundamentals - Your first configuration

Learn how to launch your first AWS EC2 instance using Terraform.

Uday Mittal
Apr 24, 2025

If you’ve made it this far, congratulations! You now have Terraform installed and understand the importance of versioning. Now it’s time to deploy real infrastructure.

In this post, I will show how to launch your first AWS EC2 instance using Terraform and walk through how the whole flow works, from writing configuration to destroying your resources safely. I am assuming that you are using a Windows 11 machine and have AWS CLI installed (if not, check out the detailed installation instructions here).


Set up AWS policy and credentials

First, let's create a restricted AWS IAM policy that will grant only the required permissions.

  • Go to IAM > Policies > Create Policy.

  • Switch to the JSON tab and paste:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "EC2CoreActions",
            "Effect": "Allow",
            "Action": [
                "ec2:RunInstances",
                "ec2:DescribeInstances",
                "ec2:DescribeInstanceTypes",
                "ec2:TerminateInstances",
                "ec2:DescribeVolumes",
                "ec2:CreateTags",
                "ec2:DescribeTags",
                "ec2:DescribeInstanceAttribute",
                "ec2:DescribeImages",
                "ec2:DescribeKeyPairs",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs",
                "ec2:AllocateAddress",
                "ec2:AssociateAddress",
                "ec2:ReleaseAddress",
                "ec2:DescribeAddresses",
                "ec2:DescribeInstanceCreditSpecifications"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:RequestedRegion": "us-east-1"
                }
            }
        }
    ]
}
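  • This policy minimizes blast radius in case of compromised credentials or misconfigured resources. If an attacker gets access to your Terraform user, they’re confined to a specific region and specific permissions. Because Resource is "*", those permissions still apply to every EC2 resource in that region, not only the instance Terraform creates.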

  • Click Next, name the policy something like TerraformEC2Access, and click Create Policy.
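
To see what the region condition does and does not restrict, here is a small evaluator for the policy above. It is an added example, not code from the original post and not AWS's own evaluation logic: it models a single identity policy with only the aws:RequestedRegion condition key, and the function names are illustrative.

```python
import fnmatch

# The policy from this post, rebuilt as a dict (same actions, region and Resource).
ACTIONS = ("RunInstances DescribeInstances DescribeInstanceTypes TerminateInstances "
           "DescribeVolumes CreateTags DescribeTags DescribeInstanceAttribute "
           "DescribeImages DescribeKeyPairs DescribeSecurityGroups DescribeSubnets "
           "DescribeVpcs AllocateAddress AssociateAddress ReleaseAddress "
           "DescribeAddresses DescribeInstanceCreditSpecifications").split()
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "EC2CoreActions", "Effect": "Allow",
    "Action": ["ec2:" + a for a in ACTIONS], "Resource": "*",
    "Condition": {"StringEquals": {"aws:RequestedRegion": "us-east-1"}}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _applies(stmt, action, region):
    """True if the statement matches the action and its StringEquals conditions."""
    if not any(fnmatch.fnmatchcase(action.lower(), a.lower())
               for a in _as_list(stmt["Action"])):
        return False
    # Assumption: aws:RequestedRegion is the only condition key modelled here.
    context = {"aws:RequestedRegion": region}
    conditions = stmt.get("Condition", {}).get("StringEquals", {})
    return all(context.get(k) in _as_list(v) for k, v in conditions.items())

def is_allowed(policy, action, region):
    """Simplified model: one identity policy, explicit Deny wins, default deny."""
    effects = [s["Effect"] for s in _as_list(policy["Statement"])
               if _applies(s, action, region)]
    return "Allow" in effects and "Deny" not in effects

def wildcard_writes(policy):
    """Non-read actions granted on Resource "*": what the region lock leaves open."""
    found = []
    for stmt in _as_list(policy["Statement"]):
        if stmt["Effect"] == "Allow" and "*" in _as_list(stmt["Resource"]):
            found += [a for a in _as_list(stmt["Action"])
                      if not a.split(":")[-1].startswith(("Describe", "Get", "List"))]
    return found

if __name__ == "__main__":
    for action, region in [("ec2:RunInstances", "us-east-1"),
                           ("ec2:RunInstances", "eu-west-1"),
                           ("iam:CreateUser", "us-east-1")]:
        print(action, region, is_allowed(POLICY, action, region))
    print("writes on *:", wildcard_writes(POLICY))
```
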

Next, let's create a new IAM user for the purpose of this exercise.

  • Go to IAM > Users > Create user

  • Enter the username as terraform-user and click Next.

  • On the permissions screen, choose Attach policies directly.

  • Select the TerraformEC2Access policy you just created and click Next.

  • In the Review and create screen, click Create user.

  • Click on the newly created user, terraform-user.

  • Click on Create access key.

  • Select Local code.

  • Check the Confirmation check box and click Next.

  • Click Create access key.

  • Click Download .csv file to save a local copy of credentials of the newly created user.

  • Click Done.

Security tip: Never use your root credentials. Always use an IAM user with limited access.

Finally, let's configure AWS CLI.

aws configure

Provide:

  • Access Key ID

  • Secret Access Key

  • Region (e.g., us-east-1)

  • Output format (you can choose json)

This will write your credentials, selected region and output format to:

~/.aws/credentials
~/.aws/config

A few security tips before moving on:

  • Never hardcode credentials in .tf files.

  • Use environment variables or AWS CLI profiles instead.

  • Store secrets in a vault or use Terraform Cloud's secure storage in production setups.
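
One way to enforce the first two tips is to scan .tf files for credential literals before they are committed. The script below is an added example, not part of the original post; the sample configurations and key values are constructed placeholders, and the profile name terraform-user is an assumption (aws configure as run above writes to the default profile).

```python
import re

# access_key, secret_key and token are AWS provider arguments that accept credentials.
ASSIGN = re.compile(r'^\s*(access_key|secret_key|token)\s*=\s*"([^"]*)"')
# Long-term (AKIA) and temporary (ASIA) access key IDs: prefix + 16 characters.
KEY_ID = re.compile(r'\b(?:AKIA|ASIA)[0-9A-Z]{16}\b')

def scan_tf(text):
    """Return (line_number, rule) findings for credential literals in HCL text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = ASSIGN.match(line)
        # A quoted literal is a finding; var.x or "${var.x}" references are not.
        if m and m.group(2) and "${" not in m.group(2):
            findings.append((n, "literal " + m.group(1)))
        # Key IDs are flagged anywhere on the line, comments included.
        if KEY_ID.search(line):
            findings.append((n, "AWS access key ID"))
    return findings

# Constructed sample: the pattern the tip warns against (placeholder values).
SAMPLE_BAD = '''provider "aws" {
  region     = "us-east-1"
  access_key = "AKIAEXAMPLEEXAMPLE00"
  secret_key = "constructed-secret-value-not-a-real-key"
  # previous key: AKIAEXAMPLEEXAMPLE01
}
'''

# Constructed sample: credentials resolved from an AWS CLI profile instead.
SAMPLE_GOOD = '''provider "aws" {
  region  = "us-east-1"
  profile = "terraform-user"
}

variable "session_token" {
  type      = string
  sensitive = true
}
'''

if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, scan_tf(text))
```
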

You’re now ready to start building!

Create your first Terraform project

Create a new directory:

CMD:
mkdir terraform-hello-world && cd terraform-hello-world  

PowerShell:
mkdir terraform-hello-world; cd terraform-hello-world

Inside it, create a file called main.tf and paste this:

provider "aws" {
  region = "us-east-1"
}

resource "aws_instance" "hello" {
  ami           = "ami-0e449927258d45bc4" # Amazon Linux 2 AMI in us-east-1
  instance_type = "t2.micro"

  tags = {
    Name = "TerraformHelloWorld"
  }
}

Run your first Terraform commands

From the directory with main.tf, run the following:

1. Initialize
terraform init

This sets up Terraform’s working directory and downloads the AWS provider.

2. Preview the Plan
terraform plan

This shows what Terraform will do—without actually doing it.

3. Apply (Build infra)
terraform apply

Type yes when prompted. Terraform will:

  • Authenticate with AWS

  • Provision the EC2 instance

Since we have not yet created any SSH keys or added an output variable to the Terraform configuration file, the only way to confirm whether the EC2 instance was actually created is to log in to the AWS management console > EC2 > Instances. You should see a running instance there.

4. Destroy (Cleanup)
terraform destroy

Type yes to tear everything down. This is great for:

  • Saving on AWS costs

  • Practicing clean ops

  • Leaving no trace in test environments

Again, to verify that the EC2 instance was actually destroyed, log in to the AWS management console > EC2 > Instances. You should see a terminated instance there.
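
The plan step above can also be checked by a script instead of by eye. The following is an added example, not part of the original post: it assumes the plan was saved with terraform plan -out=tfplan and exported with terraform show -json tfplan to a UTF-8 file, and the allowlists and sample plans are constructed for this project.

```python
import json
import sys

ALLOWED_TYPES = {"aws_instance"}  # assumption: all this project should manage
ALLOWED_SIZES = {"t2.micro"}      # assumption: instance sizes approved for the lab

def review_plan(plan):
    """Return reasons not to apply this plan (empty list = looks as expected)."""
    problems = []
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions == ["no-op"]:
            continue
        if rc["type"] not in ALLOWED_TYPES:
            problems.append(f'{rc["address"]}: unexpected resource type')
        if "delete" in actions:  # a replace shows up as delete + create
            problems.append(f'{rc["address"]}: plan deletes or replaces it')
        after = rc["change"].get("after") or {}
        size = after.get("instance_type")
        if rc["type"] == "aws_instance" and size and size not in ALLOWED_SIZES:
            problems.append(f'{rc["address"]}: instance_type {size} not approved')
    return problems

# Constructed samples in the shape of `terraform show -json` output (trimmed).
EXPECTED_PLAN = {"resource_changes": [
    {"address": "aws_instance.hello", "type": "aws_instance",
     "change": {"actions": ["create"], "after": {"instance_type": "t2.micro"}}}]}
SURPRISE_PLAN = {"resource_changes": [
    {"address": "aws_instance.hello", "type": "aws_instance",
     "change": {"actions": ["delete", "create"],
                "after": {"instance_type": "t3.2xlarge"}}},
    {"address": "aws_iam_user.extra", "type": "aws_iam_user",
     "change": {"actions": ["create"], "after": {"name": "extra"}}}]}

if __name__ == "__main__":
    # Usage: python review_plan.py plan.json (falls back to the constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            plan = json.load(fh)
    else:
        plan = SURPRISE_PLAN
    issues = review_plan(plan)
    print("\n".join(issues) or "plan matches expectations")
    sys.exit(1 if issues else 0)
```
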

How does this work?

Here’s how the workflow provisioned your EC2 instance:

You described what you wanted in main.tf, and Terraform took care of turning it into real infrastructure. That’s the core power of Infrastructure as Code.

TL;DR
We launched our first AWS EC2 instance using Terraform, learnt how to securely configure AWS credentials, wrote a basic provider and resource block, and used the core Terraform commands: init, plan, apply, and destroy.


© 2025 Uday Mittal