---
title: "Create Infrastructure"
chapter: false
weight: 12
---
---

In this tutorial, you will customize the workspace you created [in the previous tutorial](/040_terraform_cloud_setup/3-cloud-workspace-create.html) by defining Terraform variables for your EC2 settings. Then, you will retrieve your AWS credentials and set them as sensitive environment variables. Finally, you will use Terraform Cloud to provision an EC2 instance.

## Configure Terraform variables

Return to the Terraform Cloud UI and visit the **"Variables"** page for your `tfc-guide-example` workspace, where you will set your credentials.

Terraform Cloud supports two types of variables: environment variables and Terraform variables. Either type can be marked as sensitive, which prevents them from being displayed in the Terraform Cloud web UI and makes them write-only.

Terraform Cloud will define **Terraform Variables** as input variables in Terraform's configuration language. You can use them to customize the infrastructure that Terraform creates from your configuration.

Find the **"Terraform Variables"** section to set two variables that Terraform will use to configure your instance.

| Variable        | Value                      | Sensitive |
| --------------- | -------------------------- | --------- |
| `instance_type` | `t2.micro`                 | no        |
| `instance_name` | `Provisioned by Terraform` | no        |

Click the **"Save variable"** button to save each one. After saving, the **"Terraform Variables"** section displays your new variable values.

![Terraform Cloud Workspace variables interface](/images/hashicorp/terraform/tfc_hashicorp-training_workspaces_tfc-guide-example_variables.png)

## Find your AWS credentials

EC2 instances are Amazon Web Services (AWS) services. In order for Terraform to provision AWS resources for you, it needs credentials for your AWS account.

{{% notice note %}}
This tutorial will provision resources that qualify under the [AWS free-tier](https://aws.amazon.com/free/). If your account does not qualify under the AWS free-tier.
{{% /notice %}}

Log into the AWS console and find your **Access key ID** and **Secret access key** on [this page](https://console.aws.amazon.com/iam/home#security_credential).

## Configure environment variables

Terraform Cloud uses an ephemeral environment to run Terraform operations that create and manage your infrastructure. You will set that environment's **Environment Variables** in the Terraform Cloud web UI to configure provider credentials or to configure the Terraform binary itself.

Scroll down to the **"Environment Variables"** section, and create two variables by clicking the **"Add variable"** button. Check the **"Sensitive"** checkbox for both of them.

| Variable                | Value                          | Sensitive |
| ----------------------- | ------------------------------ | --------- |
| `AWS_ACCESS_KEY_ID`     | Your AWS **Access key ID**     | yes       |
| `AWS_SECRET_ACCESS_KEY` | Your AWS **Secret access key** | yes       |

{{% notice tip %}}
If you have temporary AWS credentials, you must also add your `AWS_SESSION_TOKEN` as an environment variable.
{{% /notice %}}

Click the **"Save variable"** button to save each one. Once you are done, the **"Environment Variables"** section should look like this:

![Terraform Cloud Workspace environment variables interface](/images/hashicorp/terraform/cloud/environment-variables.png)

{{% notice tip %}}
If you use the Terraform CLI, your local environment variables do not auto populate into the environment where Terraform Cloud runs the Terraform binary. You must set your environment variables in Terraform Cloud.
{{% /notice %}}

## Plan infrastructure changes

Now that you have set your variables, select **"Start new plan"** from the **"Actions"** drop down menu, choose the **"Plan (most common)"** option, and provide an optional explanation. Then select the purple **"Start plan"** button to start a plan. This may take a few minutes.

![Queue Terraform plan from workspace variables page](/images/hashicorp/terraform/tfc_hashicorp-training_workspaces_tfc-guide-example_variables_queue_plan.png)

This produces an execution plan that describes which actions Terraform will take to change real infrastructure to match the configuration Terraform will not make any changes until you confirm and apply the plan This gives you and your team an opportunity to review the planned changes.

The output format is similar to the diff format generated by tools such as Git. Output with a `+` next to it means that Terraform will create this resource. The plan also shows the attributes that Terraform will set. The value `(known after apply)` means that Terraform will not have this value until after it creates the resource.

![Terraform plan output](/images/hashicorp/terraform/tfc_hashicorp-training_workspaces_tfc-guide-example_plan_output.png)

No real infrastructure changes happen until you confirm and apply the plan. This checkpoint gives you and your team an opportunity to review the planned changes before they happen.

## Apply planned changes

Once the plan is complete, click the **"Confirm & Apply"** button, followed by the **"Confirm Plan"** button to apply the change.

After a few minutes, your apply should complete. Terraform Cloud will display a confirmation.

![Successful Terraform Cloud run](/images/hashicorp/terraform/tfc_hashicorp-training_workspaces_tfc-guide-example_runs_complete.png)

Now return to the workspace's **"Overview"** page. Under the details about your latest run, Terraform displays a table of the resources currently managed in the workspace.

![Terraform Cloud workspace resource table](/images/hashicorp/terraform/tfc_hashicorp-training_workspaces_tfc-guide-example_resource_table.png)

It also shows the workspace's outputs in the "Outputs" tab for easy access.

![Terraform Cloud workspace outputs table](/images/hashicorp/terraform/tfc_hashicorp-training_workspaces_tfc-guide-example_resource_table_outputs.png)

Congratulations! You created an AWS EC2 instance using Terraform Cloud.

Verify that the infrastructure exists by visiting the [AWS web console](https://console.aws.amazon.com/) page for EC2 in the **N.California/us-west-1** region, the region specified in the provider configuration.

{{% notice tip %}}
The EC2 instance that you have provisioned will remain active until it is deleted. You will do this in the [clean-up](/090_cleanup/1-cloud-destroy.html) tutorial.
{{% /notice %}}

## Next Steps

In this tutorial, you configured your workspace with environment and Terraform variables, and created a EC2 instance using Terraform Cloud. Read more about variables in Terraform Cloud in the [documentation](https://www.terraform.io/docs/cloud/workspaces/variables.html).

Now you are ready to modify your EC2 instance by updating your Terraform variables and changing your configuration files.