Installing Terraform

Follow Installation Instructions here.


Create a directory where you want to store the terraform configuration files. Create a file named This is where we store all the configurations.

Adding providers block

terraform {
  required_providers {
    digitalocean = {
      source = "digitalocean/digitalocean"
      version = "2.22.2"

As of this writing, digitalocean’s terraform provider is of version 2.22.2.


To Initialize the terraform and install the azure plugin, you should run

terraform init

Output should be similar to this

$ terraform init

Initializing the backend...

Initializing provider plugins...
- Finding digitalocean/digitalocean versions matching "2.22.2"...
- Installing digitalocean/digitalocean v2.22.2...
- Installed digitalocean/digitalocean v2.22.2 (signed by a HashiCorp partner, key ID F82037E524B9C0E8)

Generating DigitalOcean API Token

Terraform needs API Token to communicate with DigitalOcean and to deploy the infrastructure. Generate the API token by going to DigitalOcean » API » Tokens/Keys.

Please copy new personal access token now. It won’t be shown again for security.


Authentication can be done either with environment variables or terraform variables.

Windows Powershell

Open Powershell and run the following to add new environment variable.


To set the token as environment variable Persistently




To set the token as environment variable Persistently

echo 'export DIGITALOCEAN_ACCESS_TOKEN='token'' >> ~/.profile

Replace token with the actual token.

Using Terraform variables

Create and add following

variable "do_token" {
    type = string
    description = "Digital Ocean API Token"
    sensitive = true

And add following to

provider "digitalocean" {
  token = var.do_token

Create a Droplet

To create a droplet, create a new file and add following

resource "digitalocean_droplet" "terraform_droplet" {
  image  = "ubuntu-22-04-x64"
  name   = "terraform"
  region = "sfo3"
  size   = "s-1vcpu-1gb"

Here i’m using Ubuntu 22.04 LTS image and using basic size with 1vCPU and 1GB of RAM on deploying it in the SFO3(San Francisco region 3). You can choose whatever you like.

To add ssh key to the account add following to either separate or

resource "digitalocean_ssh_key" "ssh_default" {
  name       = "terraform ssh"
  public_key = file("~/.ssh/")

and attach newly added ssh key to the droplet. updated should look like this

resource "digitalocean_droplet" "terraform_droplet" {
  image  = "ubuntu-22-04-x64"
  name   = "terraform"
  region = "blr1"
  size   = "s-1vcpu-1gb"
  ssh_keys = [digitalocean_ssh_key.ssh_default.fingerprint]

if the given key is already added to you account, terraform throws the error. in that case, remove ssh block and just add MD5 fingerprint of the public key to the droplet block.

To get the `MD5 fingerprint of the key run

ssh-keygen -lf  ~/.ssh/ -E MD5

Updated should look like this

resource "digitalocean_droplet" "terraform_droplet" {
  image  = "ubuntu-22-04-x64"
  name   = "terraform"
  region = "blr1"
  size   = "s-1vcpu-1gb"
  ssh_keys = ["a0:b1:c2:3d:4e:5f:g6:h7:i8:9j:0k:1l:2m:n3:o4:p5"]

cloud init

To pass user data run commands such as adding users, adding groups or install any tools on droplet on first launch, specify user data file init.yml


  - default
  - name: terraform
    gecos: terraform
    shell: /bin/bash
    primary_group: terraform
    sudo: ['ALL=(ALL) NOPASSWD:ALL']
    groups: users, admin, sudo
    lock_passwd: false
        - pubkey
  - apt update
  - apt upgrade -y
  - apt install curl -y

Updated should look something like this

resource "digitalocean_droplet" "terraform_droplet" {
  image  = "ubuntu-22-04-x64"
  name   = "terraform"
  region = "blr1"
  size   = "s-1vcpu-1gb"
  user_data = file("init.yml")
  ssh_keys = [digitalocean_ssh_key.ssh_default.fingerprint]


After deploying the droplet, we might need it’s ip address to proceed. To capture that, we need to create a variable and pass deployed droplet ip to that variable.

Create and add following

output "ip_address" {
  value = digitalocean_droplet.terraform_droplet.ipv4_address
  description = "The public IP address of your droplet."


To validate code run terraform validate. If everything is valid and no syntactical errors are there, output should be like

$ terraform validate
Success! The configuration is valid.

To dry run the everything and to see what are the changes, run

terraform plan

If terraform variable were used to define authentication token

terraform plan -var="do_token=token"
terraform plan

Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the

following symbols:
  + create

Terraform will perform the following actions:

  # digitalocean_droplet.terraform_droplet will be created
  + resource "digitalocean_droplet" "terraform_droplet" {
      + backups              = false
      + created_at           = (known after apply)
      + disk                 = (known after apply)
      + graceful_shutdown    = false
      + id                   = (known after apply)
      + image                = "ubuntu-22-04-x64"
      + ipv4_address         = (known after apply)
      + ipv4_address_private = (known after apply)
      + ipv6                 = false
      + ipv6_address         = (known after apply)
      + locked               = (known after apply)
      + memory               = (known after apply)
      + monitoring           = false
      + name                 = "terraform"
      + price_hourly         = (known after apply)
      + price_monthly        = (known after apply)
      + private_networking   = (known after apply)
      + region               = "blr1"
      + resize_disk          = true
      + size                 = "s-1vcpu-1gb"
      + status               = (known after apply)
      + urn                  = (known after apply)
      + user_data            = "0743846df7e7237339701a0bd8d31d35945590cb"
      + vcpus                = (known after apply)
      + volume_ids           = (known after apply)
      + vpc_uuid             = (known after apply)

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ip_address = (known after apply)

you run "terraform apply" now.

To deploy the droplet run

terraform deploy

If terraform variable were used to define authentication token

terraform deploy -var="do_token=token"

Answer yes to the prompt to deploy

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

Once completed, outputs the ip and status

terraform deploy
digitalocean_droplet.terraform_droplet: Creation complete after 1m29s [id=123456789]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.


ip_address = "123.456.798.10"


To destroy the infrastructure, run

terraform destroy

Answer the prompt with yes to destroy

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes


Everything used here is in publicly available repo on GitHub here

Check the official documentation here. Feel free to comment here or drop an email. Au Revoir.