How to Install Terraform on RHEL 7
Terraform is HashiCorp’s open-source Infrastructure as Code (IaC) tool that lets you define, provision, and manage cloud infrastructure using declarative configuration files. Instead of manually clicking through cloud consoles or writing fragile shell scripts, Terraform allows you to describe your desired infrastructure state — virtual machines, networks, storage buckets, DNS records — and reliably create or update that infrastructure on demand. On RHEL 7, Terraform is installed via HashiCorp’s official RPM repository, giving you access to the latest stable releases managed through the standard yum package manager. This guide covers installation, basic configuration, and first steps with the core Terraform workflow.
Prerequisites
- A RHEL 7 system with internet access or access to a proxy/mirror
- Root or
sudoaccess yum-utilspackage installed for repo management- At least 512 MB free disk space in
/usr/local/binor wherever binaries are stored - An AWS account (or equivalent cloud provider) with programmatic access credentials if you plan to provision real cloud resources
- Basic familiarity with the command line
Step 1: Add the HashiCorp YUM Repository
HashiCorp maintains an official RPM repository at rpm.releases.hashicorp.com. Adding this repository allows you to install and update Terraform through yum like any other system package:
# Install yum-utils if not already present
sudo yum install -y yum-utils
# Add the HashiCorp repository
sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
# Verify the repo was added
yum repolist | grep hashicorpIf yum-config-manager is not available on your system, you can manually create the repo file:
sudo tee /etc/yum.repos.d/hashicorp.repo <<EOF
[hashicorp]
name=Hashicorp Stable - $basearch
baseurl=https://rpm.releases.hashicorp.com/RHEL/7/$basearch/stable
enabled=1
gpgcheck=1
gpgkey=https://rpm.releases.hashicorp.com/gpg
EOFThe GPG key verification ensures the packages you download are authentic and have not been tampered with. Always keep GPG checking enabled in production environments.
Step 2: Install Terraform
With the repository configured, install Terraform using yum:
sudo yum install -y terraformTo install a specific version (useful when your team needs to pin a version for reproducibility):
# List available versions
yum --showduplicates list terraform
# Install a specific version
sudo yum install -y terraform-1.6.6-1After installation, verify Terraform is accessible and check the version:
terraform --versionExpected output:
Terraform v1.6.6
on linux_amd64Enable tab completion for the Terraform CLI in bash:
terraform -install-autocomplete
source ~/.bashrcStep 3: Configure Cloud Provider Credentials
Terraform uses provider plugins to communicate with cloud APIs. For AWS, the most common starting point, configure your credentials before writing any Terraform code. The AWS provider respects standard AWS credential sources:
# Install the AWS CLI if not present
sudo yum install -y awscli
# Configure AWS credentials interactively
aws configureThis stores credentials in ~/.aws/credentials and configuration in ~/.aws/config. Terraform reads these automatically. Alternatively, export environment variables:
export AWS_ACCESS_KEY_ID="AKIAIOSFODNN7EXAMPLE"
export AWS_SECRET_ACCESS_KEY="wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
export AWS_DEFAULT_REGION="us-east-1"For non-AWS providers (Azure, GCP, DigitalOcean, etc.), each provider has its own credential mechanism documented on the Terraform Registry. Never hardcode credentials in .tf files — use environment variables, AWS IAM roles, or a secrets manager.
Step 4: Create Your First Terraform Project
Terraform projects live in directories containing .tf files. Create a working directory and a minimal configuration:
mkdir -p ~/terraform/first-project
cd ~/terraform/first-projectCreate the main configuration file:
cat > main.tf <<'EOF'
terraform {
required_version = ">= 1.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
}
}
provider "aws" {
region = var.aws_region
}
resource "aws_instance" "web" {
ami = var.ami_id
instance_type = "t3.micro"
tags = {
Name = "rhel7-terraform-demo"
Environment = var.environment
}
}
EOFCreate a variables file:
cat > variables.tf <<'EOF'
variable "aws_region" {
description = "AWS region to deploy into"
type = string
default = "us-east-1"
}
variable "ami_id" {
description = "AMI ID for the EC2 instance"
type = string
}
variable "environment" {
description = "Deployment environment (dev, staging, prod)"
type = string
default = "dev"
}
EOFCreate an outputs file:
cat > outputs.tf <<'EOF'
output "instance_id" {
description = "ID of the EC2 instance"
value = aws_instance.web.id
}
output "instance_public_ip" {
description = "Public IP address of the EC2 instance"
value = aws_instance.web.public_ip
}
EOFCreate a terraform.tfvars file to supply values for required variables:
cat > terraform.tfvars <<'EOF'
aws_region = "us-east-1"
ami_id = "ami-0c55b159cbfafe1f0"
environment = "dev"
EOFStep 5: Run terraform init
terraform init initializes the working directory, downloads the required provider plugins, and sets up the backend for storing state:
terraform initOutput shows Terraform downloading the AWS provider plugin:
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 5.0"...
- Installing hashicorp/aws v5.31.0...
- Installed hashicorp/aws v5.31.0 (signed by HashiCorp)
Terraform has been successfully initialized!Always run terraform init when you first clone a project, add a new provider, or change backend configuration.
Step 6: Plan, Apply, and Destroy
terraform plan generates an execution plan showing what changes Terraform will make without actually making them. It is a safe, read-only operation:
terraform planThe output uses + for resources to be created, - for resources to be destroyed, and ~ for resources to be modified in-place. Review the plan carefully before applying.
terraform apply executes the plan and makes the changes. It shows the plan one more time and prompts for confirmation:
terraform apply
# Skip the interactive prompt (useful in CI/CD pipelines)
terraform apply -auto-approve
# Apply a saved plan file
terraform plan -out=tfplan.binary
terraform apply tfplan.binaryAfter a successful apply, Terraform records the current state of all managed resources in terraform.tfstate.
terraform destroy tears down all resources described in your configuration:
terraform destroy
# Destroy without confirmation prompt
terraform destroy -auto-approveStep 7: Understanding the State File
The terraform.tfstate file is a JSON document recording the real-world IDs and properties of every resource Terraform has created. It is the source of truth for Terraform’s understanding of your infrastructure:
# View current state
terraform show
# List all resources in state
terraform state list
# Show details of a specific resource
terraform state show aws_instance.webThe state file can contain sensitive data (IP addresses, passwords). Never commit it to version control. In team environments, use a remote backend such as S3 with DynamoDB locking to share state safely. Keep the state file backed up — losing it means Terraform can no longer manage existing resources without re-importing them.
Terraform is now installed and functional on your RHEL 7 system. You have added the HashiCorp repository, installed the package via yum, created a provider configuration, defined resources and variables, and run the core init/plan/apply/destroy workflow. This foundation prepares you to manage real cloud infrastructure at scale. The next step is learning to write complete multi-resource environments with modules, remote state backends, and workspace-based environment management — which transforms Terraform from a simple provisioning tool into a full infrastructure lifecycle platform.
