Terraform Providers: AWS, Azure, GCP Provider Configuration

DodaTech 4 min read

Terraform providers are plugins that enable Terraform to interact with cloud platforms, APIs, and services by exposing their resources and data sources through a unified configuration language.

What You'll Learn

In this tutorial, you will learn how to configure Terraform providers for AWS, Azure, and GCP, manage provider versions, authenticate securely, and use multiple providers in the same configuration.

Why It Matters

Every Terraform resource belongs to a provider. Incorrect provider configuration is the most common cause of plan failures. Proper provider setup ensures Terraform can discover resources, authenticate to your cloud, and manage infrastructure lifecycle.

Real-World Use

Durga Antivirus Pro uses multiple Terraform providers in a single configuration -- AWS for compute and storage, Azure for Active Directory, and HashiCorp Vault for secrets -- all managed through a unified codebase.

Provider Configuration

A provider configuration specifies the cloud platform and authentication credentials. The required_providers block declares which providers your configuration needs.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
    google = {
      source  = "hashicorp/google"
      version = "~> 5.0"
    }
  }
}

Expected output: Running terraform init downloads all three provider plugins to the .terraform/providers directory.

AWS Provider

Authentication Methods

The AWS provider supports multiple authentication methods: environment variables, shared credentials file, and IAM roles.

provider "aws" {
  region = "us-east-1"
  # Credentials from environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY
}

provider "aws" {
  alias  = "west"
  region = "us-west-2"
}

Expected output: Terraform uses the default authentication chain. The alias attribute creates a named provider for multi-region configurations.

Provider with Assume Role

provider "aws" {
  region = "us-east-1"
  assume_role {
    role_arn     = "arn:aws:iam::123456789012:role/TerraformRole"
    session_name = "TerraformSession"
  }
}

Expected output: Terraform assumes the specified IAM role before creating resources, enabling cross-account management.

Azure Provider

provider "azurerm" {
  features {}
  # Uses Azure CLI, environment variables, or managed identity
}

provider "azurerm" {
  features {}
  alias           = "staging"
  subscription_id = "00000000-0000-0000-0000-000000000000"
}

Expected output: The default provider uses your Azure CLI login. The alias enables targeting a different subscription.

GCP Provider

provider "google" {
  project = "my-project-id"
  region  = "us-central1"
  # Uses application default credentials or service account key
}

provider "google" {
  alias   = "europe"
  project = "my-europe-project"
  region  = "europe-west1"
}

Expected output: Terraform authenticates via application default credentials. The alias provider manages resources in a different region.

Provider Versioning

Version constraints protect against unexpected provider upgrades that could break infrastructure.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0, < 6.0"
    }
  }
}

Expected output: terraform init downloads the latest AWS provider version between 4.0 and 6.0 (excluding 6.0). The .terraform.lock.hcl file pins exact versions.

Multiple Provider Instances

Using alias lets you create multiple configurations of the same provider:

provider "aws" {
  region = "us-east-1"
}

provider "aws" {
  alias  = "us-west"
  region = "us-west-2"
}

resource "aws_instance" "east" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}

resource "aws_instance" "west" {
  provider      = aws.us-west
  # AMI IDs are region-specific: replace this with an AMI that exists in us-west-2
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = "t2.micro"
}

Expected output: Two EC2 instances in different regions, each managed by a separate provider configuration.

Common Mistakes

1. Missing Provider Version Constraints

Without version constraints, terraform init downloads the latest provider, which may introduce breaking changes.

2. Hardcoding Credentials in Configuration

Credentials in main.tf get committed to version control. Use environment variables or a shared credentials file.

3. Forgetting terraform init After Adding Providers

Adding a new provider requires re-running terraform init to download the plugin. Omitting this step causes "provider not found" errors.

4. Mixing Up Provider Aliases

Referencing aws.west instead of aws.us-west causes an invalid provider reference error.

5. Using Deprecated Provider Arguments

Older provider versions may have deprecated arguments. Check the provider documentation for the version you are using.
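
Mistakes 1 and 2 above can be caught before a commit. The following pre-commit style check is an added example, not part of the original tutorial: it flags required_providers entries without a version constraint and literal secret values inside provider blocks. The function names, rule labels and sample configuration are assumptions made for illustration, and the brace counting is a simplification rather than a full HCL parser.

```python
import re

# Secret-bearing arguments of the aws, azurerm and google provider blocks.
SECRET_ARGS = {"access_key", "secret_key", "token", "client_secret",
               "credentials", "access_token"}

def _blocks(text, header_re):
    """Yield (header match, body) per block; naive brace counting, no HCL parser."""
    for m in re.finditer(header_re, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]

def find_issues(text):
    """Return (rule, subject) tuples; secret values are never echoed."""
    issues = []
    for _, rp in _blocks(text, r"required_providers\s*\{"):
        for m, body in _blocks(rp, r"(\w+)\s*=\s*\{"):
            if not re.search(r"\bversion\s*=", body):
                issues.append(("no-version-constraint", m.group(1)))
    for m, body in _blocks(text, r'\bprovider\s+"(\w+)"\s*\{'):
        # Only quoted literals at the start of a line count; var.x references
        # and commented-out lines are ignored.
        for arg in re.finditer(r'^\s*(\w+)\s*=\s*"([^"]*)"', body, re.M):
            name, value = arg.groups()
            if name in SECRET_ARGS and value and "${" not in value:
                issues.append(("hardcoded-credential", f"{m.group(1)}.{name}"))
    return issues

# Constructed sample configuration (hypothetical, not from the tutorial).
SAMPLE = '''
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
    google = {
      source = "hashicorp/google"
    }
  }
}
provider "aws" {
  region     = "us-east-1"
  access_key = "EXAMPLE-NOT-A-REAL-KEY"
  secret_key = var.aws_secret
}
'''

if __name__ == "__main__":
    for rule, subject in find_issues(SAMPLE):
        print(f"{rule}: {subject}")
```

The check reports only the provider and argument name, so its output is safe to keep in CI logs.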

Practice Questions

1. What does the required_providers block do? It declares the providers, their sources, and version constraints that the configuration depends on.

2. How do you configure multiple regions with the same provider? Use the alias attribute to create named provider configurations, each with a different region.

3. What happens if you do not specify provider version constraints? Terraform downloads the latest version, which may include breaking changes that affect your infrastructure.

4. What are three ways to authenticate the AWS provider? Environment variables, shared credentials file (~/.aws/credentials), and IAM role assumption.

5. Challenge: Write a configuration that uses three providers (AWS, Azure, GCP) with version constraints, one alias per provider, and one resource per provider.

Mini Project: Multi-Provider Demo

Create a configuration with the AWS provider in us-east-1 and us-west-2, an S3 bucket in each region, and verify both buckets are created by running terraform apply and checking the AWS console.

What's Next

Configure Terraform providers, then explore Resources and Data Sources to create and query cloud infrastructure.

Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro.
