Deploy an AWS server with Terraform

This topic explains how to deploy an Ubuntu or Debian Amazon Web Services (AWS) cloud server with systemd and a bastion to your Advanced Server Access team with Terraform. You may need to modify this process to fit your specific needs.

Creating a cloud server with Terraform means installing the Terraform tool on your personal machine and using an AWS access key ID, a secret access key, and an Advanced Server Access enrollment token to create servers in AWS. After they are created, your new servers should appear automatically in the Advanced Server Access dashboard.

This topic uses the ScaleFT Starter Kit as the Terraform module. View the kit on GitHub. For your setup, use your company's Terraform repository for your production environment. The configuration values in your terraform.tfvars file should be similar to those in this guide.

Prerequisites

Amazon Web Services

Requirement | Description
Amazon Web Services Account | An Amazon Web Services account is needed to access the AWS Management console, where you create virtual machines for your team.

Advanced Server Access

Requirement | Description
Advanced Server Access team | The top-level object that represents an Okta org within Advanced Server Access.
Advanced Server Access project | The authorization scope of your team, organizing your users, groups, and servers.

Download and install Terraform

  1. Download the Terraform installer. See the Terraform website.
  2. Unzip the downloaded file and run the Unix executable.

Locate and save your AWS security credentials

  1. Navigate to the AWS console and sign in to your account.
  2. Click the dropdown next to your username in the top-right corner of the console and select My Security Credentials.

    If prompted with another window concerning AWS Identity and Access Management users, click Continue to Security Credentials.

  3. Expand Access Keys (Access Key ID and Secret Access Key).
  4. Click Create New Access Key, then expand Hide Access Key to see your new access key ID and secret access key.
  5. Copy the access key ID and the secret access key, and save them both in a secure location.

Configure Terraform for Advanced Server Access and AWS

  1. Create a file named terraform.tfvars and add the following lines:

    access_key = "<access-key>"
    secret_key = "<secret-key>"
    enrollment_token = "<enrollment-token>"

  2. Replace <access-key> and <secret-key> in terraform.tfvars with the access key ID and secret access key values that you copied earlier.
  3. Replace <enrollment-token> in terraform.tfvars with your Advanced Server Access enrollment token.
  4. Save the file and place it in your Terraform module.
  5. In your machine's console, run which terraform to confirm that your Terraform path exists.

    Depending on your platform, the output should look something like: /users/user/bin/terraform

  6. Confirm that you are in your Terraform module, then run terraform init.
  7. Confirm that the information in terraform.tfvars is correct by running terraform plan.

    If you receive any errors, troubleshoot as needed before proceeding.

  8. Run terraform apply to begin creating your servers. Enter yes if prompted for approval.

Confirm that your new servers are listed in Advanced Server Access before you attempt to connect to them.
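
The terraform.tfvars file from step 1 keeps an AWS access key and an enrollment token in plain text, so it is worth checking before step 7. The shell function below is an added example, not part of the original guide or the ScaleFT Starter Kit; the name check_tfvars and the checks it applies (variables assigned with = and placeholders replaced, owner-only permissions, file ignored by git) are assumptions about how you might gate terraform plan.

```shell
#!/bin/sh
# Added example: pre-flight check for the terraform.tfvars file from step 1.
# check_tfvars is a hypothetical helper, not part of Terraform or the kit.
# Returns 0 when the file passes every check, 1 otherwise (reasons on stderr).
check_tfvars() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }

    # Each variable from the guide must be assigned with '=' and must no
    # longer be empty or hold its <placeholder> value.
    for key in access_key secret_key enrollment_token; do
        line=$(grep -E "^[[:space:]]*${key}[[:space:]]*=" "$file" | head -n 1)
        if [ -z "$line" ]; then
            echo "$key: not assigned with '=' in $file" >&2; rc=1
        elif printf '%s\n' "$line" | grep -Eq '"(<[^>]*>)?"'; then
            echo "$key: empty or still a <placeholder>" >&2; rc=1
        fi
    done

    # The file holds credentials: group and other permission bits must be clear.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file: accessible beyond its owner (chmod 600 $file)" >&2; rc=1
    fi

    # Inside a git work tree the file must be ignored so it is never committed.
    dir=$(dirname "$file")
    if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
       ! git -C "$dir" check-ignore -q "$(basename "$file")"; then
        echo "$file: not git-ignored (add it to .gitignore)" >&2; rc=1
    fi
    return "$rc"
}

# Stand-alone use: sh check_tfvars.sh terraform.tfvars && terraform plan
[ "$#" -eq 0 ] || check_tfvars "$1"
```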

Next steps

Verify server enrollment