Terraform Beginners Guide 2026: Infrastructure as Code for AWS

Terraform is the industry standard for Infrastructure as Code (IaC). In 2026, every DevOps team uses Terraform to provision and manage cloud infrastructure declaratively. This guide goes from the first resource through production-ready modules to state management.

Why Terraform?

  • Provider-agnostic – works with AWS, GCP, Azure, Kubernetes and more than 3,000 providers
  • Declarative – describe what you want, not how to build it
  • State management – tracks the real infrastructure against your code
  • Plan before apply – preview changes before you make them
  • Modules – reusable, shareable infrastructure components

Installation and Setup

# Install Terraform (macOS) from HashiCorp's official tap
brew tap hashicorp/tap
brew install hashicorp/tap/terraform

# Or install via tfenv (version manager) instead of the formula above
brew install tfenv
tfenv install 1.9.0
tfenv use 1.9.0

# Verify
terraform --version

# Install providers (runs automatically on init)
terraform init

Core Concepts

# main.tf — basic structure

# Provider — which cloud to use
terraform {
  required_version = ">= 1.9"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = var.aws_region
}

# Variables
variable "aws_region" {
  type        = string
  description = "AWS region"
  default     = "us-east-1"
}

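variable "instance_type" {
  type    = string
  default = "t3.micro"
}

# Referenced by the Environment tag below
variable "environment" {
  type        = string
  description = "Deployment environment (dev, staging, prod)"
  default     = "dev"
}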

# Resource — actual infrastructure
resource "aws_instance" "web" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = var.instance_type

  tags = {
    Name        = "web-server"
    Environment = var.environment
  }
}

# Output
output "instance_ip" {
  value       = aws_instance.web.public_ip
  description = "Public IP of web server"
}

Terraform Workflow

# 1. Initialize — download providers
terraform init

# 2. Format — auto-format code
terraform fmt

# 3. Validate — check syntax
terraform validate

# 4. Plan — preview changes
terraform plan
terraform plan -out=tfplan  # save plan to file

# 5. Apply — create/update infrastructure
terraform apply
terraform apply tfplan       # apply saved plan

# 6. Destroy — remove all resources
terraform destroy

# Targeted operations
terraform plan -target=aws_instance.web
terraform apply -target=module.networking

Real-World Example: AWS Web Stack

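# Inputs and lookups used by the resources below
variable "project" {
  type        = string
  description = "Project name used as a prefix for resource names"
}

data "aws_availability_zones" "available" {
  state = "available"
}

# VPC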
resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = { Name = "${var.project}-vpc" }
}

# Public subnet
resource "aws_subnet" "public" {
  count                   = 2
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.${count.index}.0/24"
  availability_zone       = data.aws_availability_zones.available.names[count.index]
  map_public_ip_on_launch = true

  tags = { Name = "${var.project}-public-${count.index}" }
}

# Security group
resource "aws_security_group" "web" {
  name   = "${var.project}-web-sg"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Application Load Balancer
resource "aws_lb" "web" {
  name               = "${var.project}-alb"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.web.id]
  subnets            = aws_subnet.public[*].id
}

Modules – Reusable Infrastructure

# modules/rds/main.tf
variable "db_name" { type = string }
variable "db_user" { type = string }
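# sensitive = true redacts the value in plan/apply output;
# it is still written to the state file in plaintext
variable "db_password" {
  type      = string
  sensitive = true
}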
variable "subnet_ids" { type = list(string) }
variable "sg_ids"     { type = list(string) }

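# Subnet group referenced by the instance below
resource "aws_db_subnet_group" "main" {
  name       = "${var.db_name}-subnets"
  subnet_ids = var.subnet_ids
}

resource "aws_db_instance" "main" {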
  identifier        = var.db_name
  engine            = "postgres"
  engine_version    = "16.2"
  instance_class    = "db.t3.medium"
  allocated_storage = 20

  db_name  = var.db_name
  username = var.db_user
  password = var.db_password

  db_subnet_group_name   = aws_db_subnet_group.main.name
  vpc_security_group_ids = var.sg_ids

  backup_retention_period   = 7
  skip_final_snapshot       = false
  final_snapshot_identifier = "${var.db_name}-final" # required when skip_final_snapshot = false
  deletion_protection       = true
  storage_encrypted         = true

  tags = { Name = var.db_name }
}

output "endpoint" { value = aws_db_instance.main.endpoint }

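# Use module in root
# (module.networking, aws_security_group.db and the db_user/db_password
# variables are defined elsewhere in the root configuration)
module "database" {
  source      = "./modules/rds"
  db_name     = "myapp"
  db_user     = var.db_user
  db_password = var.db_password
  subnet_ids  = module.networking.private_subnet_ids
  sg_ids      = [aws_security_group.db.id]
}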
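
The module above takes the database password as a Terraform variable, so the value ends up in the state file. As an added example (not code from the original page), this variant of the same module lets RDS generate the master password and keep it in AWS Secrets Manager; the subnet group name, the snapshot identifier and the output names `master_secret_arn` and `read_db_secret_policy_json` are assumptions made for illustration.

```hcl
# modules/rds/main.tf, variant without a password variable (added example)
variable "db_name" { type = string }
variable "db_user" { type = string }
variable "subnet_ids" { type = list(string) }
variable "sg_ids" { type = list(string) }

resource "aws_db_subnet_group" "main" {
  name       = "${var.db_name}-subnets" # assumed naming scheme
  subnet_ids = var.subnet_ids
}

resource "aws_db_instance" "main" {
  identifier        = var.db_name
  engine            = "postgres"
  engine_version    = "16.2"
  instance_class    = "db.t3.medium"
  allocated_storage = 20

  db_name  = var.db_name
  username = var.db_user

  # RDS generates the master password and stores it in Secrets Manager.
  # No password argument is set, so no password value reaches variables,
  # plan output or the state file.
  manage_master_user_password = true

  db_subnet_group_name   = aws_db_subnet_group.main.name
  vpc_security_group_ids = var.sg_ids

  backup_retention_period   = 7
  skip_final_snapshot       = false
  final_snapshot_identifier = "${var.db_name}-final" # assumed name
  deletion_protection       = true
  storage_encrypted         = true
}

# Read access limited to that one secret, for attaching to the
# application's IAM role (the role itself is outside this example).
data "aws_iam_policy_document" "read_db_secret" {
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [aws_db_instance.main.master_user_secret[0].secret_arn]
  }
}

output "endpoint" { value = aws_db_instance.main.endpoint }
output "master_secret_arn" { value = aws_db_instance.main.master_user_secret[0].secret_arn }
output "read_db_secret_policy_json" { value = data.aws_iam_policy_document.read_db_secret.json }
```

The application reads the password from the secret at runtime, and the root module no longer needs a `db_password` input.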

Remote State – Team Collaboration

# Store state in S3 (never commit terraform.tfstate to git!)
terraform {
  backend "s3" {
    bucket         = "mycompany-terraform-state"
    key            = "production/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true
    dynamodb_table = "terraform-state-lock"  # prevents concurrent applies
  }
}
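
The backend block above assumes the bucket and the lock table already exist. As an added example (not from the original page), a one-time bootstrap configuration that creates them with versioning, KMS encryption and public access blocked; the file location and the resource labels `tf_state` and `tf_lock` are assumptions, while the bucket and table names are the ones used above.

```hcl
# bootstrap/main.tf (added example): apply once with local state,
# before switching the main configuration to the S3 backend.

resource "aws_s3_bucket" "tf_state" {
  bucket = "mycompany-terraform-state"

  lifecycle {
    prevent_destroy = true # losing state means losing track of real resources
  }
}

# Keep every prior state version so a bad apply or a corrupted
# state file can be rolled back.
resource "aws_s3_bucket_versioning" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id
  versioning_configuration {
    status = "Enabled"
  }
}

# State stores resource attributes in plaintext, including values
# marked sensitive, so encrypt it at rest.
resource "aws_s3_bucket_server_side_encryption_configuration" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "aws:kms"
    }
  }
}

resource "aws_s3_bucket_public_access_block" "tf_state" {
  bucket                  = aws_s3_bucket.tf_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Lock table: the S3 backend expects a string partition key named LockID.
resource "aws_dynamodb_table" "tf_lock" {
  name         = "terraform-state-lock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}
```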

Workspaces – Multiple Environments

# Create workspaces for dev/staging/prod
terraform workspace new dev
terraform workspace new staging
terraform workspace new prod

terraform workspace list
#   default
#   dev
# * prod
#   staging

terraform workspace select prod
terraform plan

# Reference workspace in code
locals {
  instance_type = terraform.workspace == "prod" ? "t3.large" : "t3.micro"
}

Data Sources

# Look up existing resources
data "aws_vpc" "existing" {
  filter {
    name   = "tag:Name"
    values = ["production-vpc"]
  }
}

data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"]  # Canonical

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-*-22.04-amd64-server-*"]
  }
}

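# Subnets inside the looked-up VPC
data "aws_subnets" "existing" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.existing.id]
  }
}

resource "aws_instance" "web" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.micro"
  subnet_id     = data.aws_subnets.existing.ids[0] # subnet_id expects a subnet ID, not the VPC ID
}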

Best Practices

  • Never commit terraform.tfstate – use remote state (S3, Terraform Cloud)
  • Use terraform plan before every apply – review the changes
  • Lock provider versions – version = "~> 5.0" prevents surprises
  • Use modules – DRY infrastructure for dev/staging/production
  • Tag all resources – Environment, Project, Owner
  • Store secrets in AWS Secrets Manager – not in Terraform variables
  • Use -target sparingly – it can leave the state inconsistent

Terraform is now indispensable for any cloud infrastructure work. Start with simple EC2 instances, build up VPC, RDS and ALB, and then extract reusable modules. Remote state and workspaces enable team collaboration and the management of multiple environments.
