Skip to main content
Before running terraform apply, you need four things in place: an AWS account with credentials, the AWS CLI, Terraform 1.0 or higher, and an SSH key pair created in EC2. This page walks through each one.
All commands in this guide run from inside the redStack/ directory. Clone the repository first (Step 3 below), then run everything from that directory. This ensures the .pem key file lands in the right place for Terraform to find it.

What you need

AWS account

An active AWS account with IAM credentials. A dedicated throwaway account used only for this lab is strongly recommended. See IAM Permissions.

AWS CLI

Version 2.x. Used to create the SSH key pair and verify credentials before Terraform runs.

Terraform >= 1.0

Terraform provisions all AWS infrastructure. Version 1.0 or higher is required (required_version = ">= 1.0" in main.tf).

Your public IP

Used to scope SSH access in security group rules. Find it with curl -s ifconfig.me.

SSH key pair

An RSA key pair created in AWS EC2. Terraform does not create this — you must create it manually before deploying.

Steps

1

Install AWS CLI

Install the AWS CLI for your platform:
PlatformMethod
macOSbrew install awscli
Linux (Ubuntu/Debian)sudo apt install awscli
Linux (any distro)curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" && unzip awscliv2.zip && sudo ./aws/install
WindowsDownload and run the MSI installer from the AWS CLI page
Verify the installation:
aws --version
Expected output: aws-cli/2.x.x ...
2

Install Terraform

Install Terraform 1.0 or higher:
PlatformMethod
macOSbrew install terraform
LinuxFollow the HashiCorp install guide for your distro
Windowschoco install terraform or download from HashiCorp
Verify the installation:
terraform --version
Expected output: Terraform v1.x.x — any version 1.0 or higher is supported.
3

Clone the repository

Clone redStack and change into the project directory:
git clone https://github.com/BaddKharma/redStack.git && cd redStack
All subsequent commands in this guide run from inside redStack/.
4

Configure AWS credentials

Run aws configure to store your IAM credentials locally. Terraform reads these automatically.
aws configure
You will be prompted for four values:
PromptWhat to enter
AWS Access Key IDThe access key ID from your IAM user’s security credentials
AWS Secret Access KeyThe secret shown once at key creation time
Default region nameThe region where redStack will deploy — use us-east-1 unless you have a reason to pick another
Default output formatEnter json
The region you enter here must match the aws_region value in terraform.tfvars. Both default to us-east-1.
See IAM Permissions for instructions on creating an IAM user and generating an access key.
5

Create the AWS SSH key pair

Terraform does not create the SSH key pair. You must create it manually before running terraform apply. The key pair must exist in AWS EC2, and the .pem file must be present in your redStack/ directory.
The key name must be rs-rsa-key unless you change ssh_key_name in terraform.tfvars. If the key pair does not exist in AWS before you run terraform apply, the deployment will fail.
aws ec2 create-key-pair --key-name rs-rsa-key --query 'KeyMaterial' --output text > ./rs-rsa-key.pem
chmod 400 ./rs-rsa-key.pem
chmod 400 restricts the file to owner-read-only. SSH will refuse to use the key if permissions are too open.
Verify the key pair was created in AWS:
aws ec2 describe-key-pairs --key-names rs-rsa-key
Expected output: a JSON object containing "KeyName": "rs-rsa-key" and a fingerprint. Any error means the key was not created — check your IAM permissions and retry.
You can also create the key pair in the AWS Console under EC2 → Key Pairs → Create key pair. Use RSA format and .pem file type. Download the file into your redStack/ directory, then set permissions using the chmod or icacls command above.
6

Run verification commands

Confirm everything is in place before moving to Terraform configuration:
# Verify AWS credentials and account access
aws sts get-caller-identity

# Verify Terraform version
terraform --version

# Get your public IP (you will need this for localPub_ip in terraform.tfvars)
curl -s ifconfig.me
Expected results:
  • aws sts get-caller-identity returns a JSON object with your Account, UserId, and Arn. Any error means credentials are not configured correctly.
  • terraform --version shows Terraform v1.x.x or higher.
  • curl -s ifconfig.me prints your public IP address. Copy this — you will append /32 and use it as localPub_ip in terraform.tfvars.

Checklist

Before continuing to Terraform Variables, confirm all of the following:
  • AWS CLI installed and aws --version returns 2.x
  • Terraform installed and terraform --version returns 1.0 or higher
  • redStack/ repository cloned and you are working from inside it
  • aws configure completed with a valid access key, secret, region, and output format
  • aws sts get-caller-identity returns your account details without error
  • rs-rsa-key key pair exists in AWS (aws ec2 describe-key-pairs --key-names rs-rsa-key)
  • rs-rsa-key.pem file is in your redStack/ directory with restricted permissions
  • Your public IP noted from curl -s ifconfig.me

Build docs developers (and LLMs) love

Get started for freeTalk to us