Digital Ocean logo

DigitalOcean is one of the easiest to use cloud virtual machine providers out there. If you need a quickly provisioned computing environment, DigitalOcean virtual machines typically become available in under 60 seconds. Instead of using the user interface (UI), it’s often best to automate.

Terraform is an infrastructure as code language that allows you to use providers, such as DigitalOcean, to provision resources without using the DigitalOcen UI. In this article, we explore how to use Terraform to provision a DigitalOcean Droplet (virtual machine).

Installing Terraform

Terraform is available for a multitude of platforms, Windows and Linux alike. The easiest method is to download the executable from the link below and place the executable into a system path to allow referencing it from anywhere.

Create API Keys from DigitalOcean

For Terraform to communicate with DigitalOcean, we need to generate API Keys for use with the DigitalOcean provider. The following steps outline how to create a new API key specifically for use with Terraform. You might use other API Keys, but it is best practice to not reuse keys, where you can, to easily disable access when necessary.

  1. Login to the DigitalOcean control panel.
  2. Navigate to the API section.
  3. Click on “Generate New Token.”
  4. Enter a token name and allow the token both read and write privileges.
  5. Copy the API Key as you will not be shown it again, we will then use this for Terraform.

Generate new personal access token.

Getting Started

The first step with any Terraform setup is to initialize a new configuration. First, create a directory to house our Terraform configuration.

mkdir digitalocean-terraform
cd digitalocean-terraform

Next, we need to create a digitalocean.tfvars file that we will use to hold our API Key that we previously generated. This is a best practice, as to not hard-code the credentials. When using version control, which is recommended, you can ignore any .tfvars files, or specific ones, to make sure those credentials do not get stored within the version control history.

touch digitalocean.tfvars

Within the digitalocean.tfvars, we will create a simple variable named api_token. This will be used later on within our Terraform scripts.

api_token = 12345123213412425

Creating the Droplet Resource File

Now that we have Terraform and DigitalOcean configuration set up, let’s create our Terraform configuration file. Create the file, and use the boilerplate code below to get started. To allow our configuration to use the provider and credentials, we need to tell it where to get that data.

variable "api_token" {
  default = ""

provider "digitalocean" {
  token = var.api_token

Now that we have our script configured, we can run terraform init code, and it will now create our Terraform metadata and install providers. You will notice that the command output shows the provider being downloaded for use. Additionally, we have told our provider to use the credentials that were previously specified in the .tfvars file.

Run terraform init code, and it will now create our Terraform metadata and install providers.

Filling Out the Droplet Commands

In this case, we want to provision a simple droplet resource. There are a couple of parameters that we are going to use. We want to use their cheapest available plan, in the NYC1 data center, and add on a couple of options that will make the Droplet more flexible in the future.

  • Droplet Image: ubuntu-18.04-x64
  • Region: NYC1
  • Size: s1-vcpu1-1gb

Now that we have our base attributes, let’s construct a Terraform config for this droplet.

resource "digitalocean_droplet" "web" {
  image              = "ubuntu-18-04-x64"
  name               = "test-web-vm"
  region             = "nyc1"
  size               = "s-1vcpu-1gb"
  monitoring         = true
  ipv6               = true
  private_networking = true

The additional commands that we are adding here are for monitoring, ipv6, and private networking. Monitoring means that you will have metrics, such as CPU and memory, from within the DigitalOcean cloud console. You can then set alerts on these metrics, so it is very useful for the future. IPv6 means that your droplet will be accessible from IPv6, which helps to future-proof your droplets. Finally, private networking means that your droplet will get a 10.x.x.x address that is accessible by other droplets but not the public internet.

There is one other very useful ability and that is user data. For Linux, this allows you to run certain commands on the provisioning of the VM, such as updating packages. We can include this right into the Terraform configuration, by adding this attribute on.

resource "digitalocean_droplet" "web" {
  image              = "ubuntu-18-04-x64"
  name               = "test-web-vm"
  region             = "nyc1"
  size               = "s-1vcpu-1gb"
  monitoring         = true
  ipv6               = true
  private_networking = true
    user_data          = "#cloud-confignpackage_update: truenpackage_upgrade: true"

If you start to do a lot with user_data, you can store the data within a YAML file and then include it within the resource declaration.


Deploying the Droplet

Now that our Terraform configuration is ready, let us deploy the droplet by running the following code.

terraform apply -var-file="digitalocean.tfvars

Deploy the droplet.

You might also notice a new .tfstate file is created. This captures the current state that Terraform knows of for your environment. If you attempt to deploy this droplet configuration again, Terraform will not, as it already knows that the droplet has been created. If you delete this file, it will cause Terraform to not recognize that the resource exists and attempt to create it again.

Wrapping Up

As you can tell from this article, creating a resource in DigitalOcean via Terraform is quick and simple. There are many more resources that you can provision using the DigitalOcean provider.

Using this configuration as code, you can provision entire environments quickly and easily within DigitalOcean using Terraform. For example, if you need a brand-new development environment, and you have it previously mapped out in a Terraform configuration using a simple deployment command, you can have a brand-new development environment ready to go.

Combining Terraform and DigitalOcean enables a powerful combination that not only protects your infrastructure, allows version control, but enforces consistency and security.

Profile Photo for Adam Bertram Adam Bertram
Adam Bertram is a 20+ year veteran of IT and an experienced online business professional. He’s a consultant, Microsoft MVP, blogger, trainer, published author and content marketer for multiple technology companies.
Read Full Bio »