Before you can provision the MEAN stack infrastructure, your local machine and AWS account must satisfy four requirements: the Terraform CLI (version 1.12 or later), the AWS CLI configured with valid credentials, an IAM user or role that holds the necessary service permissions, and an S3 bucket to store Terraform’s remote state file. Each of these is covered in detail below.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/mcamacho97/terraform-mean-stack-aws/llms.txt
Use this file to discover all available pages before exploring further.
Terraform CLI
The project requires Terraform >= 1.12, as declared inversions.tf. Earlier versions may lack syntax support or provider compatibility used in this configuration.
Install on macOS
Install via Homebrew or download the binary from HashiCorp
Install on Linux / Windows
Package manager instructions and manual install guides
AWS CLI
Terraform uses the AWS CLI credential chain to authenticate API calls. Install the AWS CLI v2 and then run the interactive configuration wizard:| Prompt | Example value |
|---|---|
| AWS Access Key ID | AKIAIOSFODNN7EXAMPLE |
| AWS Secret Access Key | wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY |
| Default region name | us-east-1 |
| Default output format | json |
AWS IAM Permissions
The IAM user or role used by Terraform must have permissions across the following AWS services. The table lists the minimum access needed to create, update, and destroy all resources in this project.| Service | Required access |
|---|---|
| EC2 | Full (ec2:*) — instances, AMI lookups, key pairs, security groups |
| VPC | Full — VPC, subnets, route tables, internet gateways, NAT gateways |
| ELB / ALB | Full — application load balancers, target groups, listeners |
| IAM | Create and delete roles, instance profiles, and role attachments |
| S3 | GetObject, PutObject, DeleteObject, ListBucket on the state bucket |
S3 Backend Bucket
Terraform stores its state file remotely in an S3 bucket. This enables team collaboration, state locking (when paired with DynamoDB), and prevents state loss if the local working directory is deleted. Create the bucket:S3 bucket names must be globally unique. Choose a name that includes your project or organization identifier, for example
acme-terraform-mean-state.Terraform Providers
When you runterraform init, Terraform automatically downloads the three providers declared in versions.tf. No manual installation is required.
| Provider | Source | Version constraint |
|---|---|---|
| aws | hashicorp/aws | ~> 6.0 |
| tls | hashicorp/tls | ~> 4.0 |
| local | hashicorp/local | ~> 2.5 |
aws provider manages all AWS resources. The tls provider generates the RSA key pair for SSH access, and the local provider writes the resulting private key to your filesystem under keys/.