rawops.dev

Terraform HCL Generator

Generate Terraform HCL for AWS infrastructure. Outputs main.tf, variables.tf, outputs.tf, and terraform.tfvars. 100% client-side — nothing leaves your browser.

HIGH: SSH (port 22) is open to 0.0.0.0/0. Restrict to your IP for production.

main.tf
# Generated by RawOps.dev — Terraform HCL Generator

terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# ── Provider ─────────────────────────────────────────────────────────

provider "aws" {
  region = var.aws_region
}

# ── Common Tags ──────────────────────────────────────────────────────

locals {
  common_tags = {
    Environment = var.environment
    ManagedBy   = "terraform"
    Project     = var.project_name
  }
}

# ── VPC ──────────────────────────────────────────────────────────────

resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = merge(local.common_tags, {
    Name = "${var.project_name}-vpc"
  })
}

resource "aws_internet_gateway" "main" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.project_name}-igw"
  })
}

# ── Public Subnets ───────────────────────────────────────────────────

resource "aws_subnet" "public" {
  count             = length(var.public_subnet_cidrs)
  vpc_id            = aws_vpc.main.id
  cidr_block        = var.public_subnet_cidrs[count.index]
  availability_zone = var.availability_zones[count.index % length(var.availability_zones)]

  map_public_ip_on_launch = true

  tags = merge(local.common_tags, {
    Name = "${var.project_name}-public-${count.index + 1}"
  })
}

# Public route table
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.main.id
  }

  tags = merge(local.common_tags, {
    Name = "${var.project_name}-public-rt"
  })
}

resource "aws_route_table_association" "public" {
  count          = length(aws_subnet.public)
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}

# ── Security Group ───────────────────────────────────────────────────

resource "aws_security_group" "main" {
  name        = "${var.project_name}-${var.environment}-sg"
  description = "Security group for web server"
  vpc_id      = aws_vpc.main.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    description = "SSH"
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    description = "HTTP"
  }

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
    description = "HTTPS"
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
    description = "Allow all outbound traffic"
  }

  tags = merge(local.common_tags, {
    Name = "${var.project_name}-${var.environment}-sg"
  })
}

# ── EC2 Instance ─────────────────────────────────────────────────────

resource "aws_instance" "main" {
  ami           = var.ec2_ami
  instance_type = var.ec2_instance_type
  key_name      = var.ec2_key_name

  subnet_id                   = aws_subnet.public[0].id
  vpc_security_group_ids      = [aws_security_group.main.id]
  associate_public_ip_address = true

  root_block_device {
    volume_size = var.ec2_volume_size
    volume_type = "gp3"
  }

  tags = merge(local.common_tags, {
    Name = "${var.project_name}-${var.environment}"
  })
}
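
The HIGH warning above refers to the first ingress rule of aws_security_group.main. As an added example (not output of the generator), here is the same rule restricted to an allow-list, with variable validation that rejects any /0 range before a plan is produced. The variable name ssh_allowed_cidrs and the sample address are assumptions.

```hcl
# Added example, not generator output. ssh_allowed_cidrs is a hypothetical
# variable; the generator's own variables.tf is not shown on this page.

# variables.tf
variable "ssh_allowed_cidrs" {
  description = "IPv4 CIDR blocks allowed to reach SSH (port 22)"
  type        = list(string)
  # No default: the caller must state who may connect.

  validation {
    condition     = length(var.ssh_allowed_cidrs) > 0
    error_message = "Provide at least one CIDR block for SSH access."
  }

  validation {
    # Every entry must parse as a CIDR and have a prefix length above 0,
    # so 0.0.0.0/0 (and any other /0) fails at validation time.
    condition = alltrue([
      for c in var.ssh_allowed_cidrs :
      can(cidrhost(c, 0)) && try(tonumber(split("/", c)[1]), 0) > 0
    ])
    error_message = "Each entry must be a valid CIDR block and must not be a /0 range."
  }
}

# main.tf: replaces the SSH ingress block inside aws_security_group.main
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.ssh_allowed_cidrs
    description = "SSH from allow-listed ranges only"
  }

# terraform.tfvars (constructed sample value from a documentation range)
# ssh_allowed_cidrs = ["203.0.113.10/32"]
```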

Terraform HCL Guide

Terraform by HashiCorp is the de facto standard for Infrastructure as Code (IaC). It uses HCL (HashiCorp Configuration Language) to declaratively define cloud resources. You write what you want, and Terraform figures out how to create, update, or destroy resources to match your configuration.

Terraform File Structure

| File | Purpose | Required? |
|---|---|---|
| main.tf | Provider config + resource definitions | Yes |
| variables.tf | Input variable declarations (type, description, default) | Recommended |
| outputs.tf | Output values (IDs, endpoints, ARNs) | Recommended |
| terraform.tfvars | Variable values for the current environment | Optional |
| backend.tf | Remote state configuration (S3, GCS, etc.) | Production |

Terraform Workflow

The core Terraform workflow is init → plan → apply. terraform init downloads providers and initializes the backend. terraform plan shows what will change without modifying anything. terraform apply executes the changes. Always review the plan before applying.

AWS Resources Reference

| Resource | Terraform Type | Key Parameters |
|---|---|---|
| VPC | aws_vpc | cidr_block, enable_dns_hostnames |
| Subnet | aws_subnet | vpc_id, cidr_block, availability_zone |
| Security Group | aws_security_group | vpc_id, ingress, egress |
| EC2 Instance | aws_instance | ami, instance_type, key_name |
| RDS Instance | aws_db_instance | engine, instance_class, allocated_storage |
| S3 Bucket | aws_s3_bucket | bucket, force_destroy |
| IAM Role | aws_iam_role | name, assume_role_policy |

Best Practices

  • Use remote state — store terraform.tfstate in S3 with DynamoDB locking for team collaboration.
  • Never hardcode secrets — use TF_VAR_* environment variables or a secrets manager for passwords and API keys.
  • Use variables for everything configurable — instance types, CIDR blocks, and region should be variables, not hardcoded values.
  • Tag all resources — consistent tags (Project, Environment, ManagedBy) are essential for cost tracking and governance.
  • Use modules for reuse — extract common patterns (VPC + subnets, EC2 + SG) into reusable Terraform modules.
  • Plan before apply — always run terraform plan and review changes before terraform apply.
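
The remote-state and secrets items above, as an added example (not generator output): an S3 backend with DynamoDB locking and encryption, plus a secret declared as a sensitive variable and supplied through the TF_VAR_db_password environment variable. Bucket, key, table, region and variable names are placeholders.

```hcl
# backend.tf (added example; every value below is a placeholder)
terraform {
  backend "s3" {
    bucket         = "example-tfstate-bucket"
    key            = "myproject/dev/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "example-tfstate-lock" # table with a string hash key named LockID
    encrypt        = true                   # server-side encryption of the state object
  }
}

# variables.tf
# Declared without a default so the value never sits in a committed file.
# Supply it from the shell before plan/apply:
#   export TF_VAR_db_password='...'
variable "db_password" {
  description = "Master password for the database"
  type        = string
  sensitive   = true # redacted in plan/apply output

  validation {
    condition     = length(var.db_password) >= 16
    error_message = "The database password must be at least 16 characters long."
  }
}
```

Backend blocks cannot reference variables, so these values are written as literals or passed with terraform init -backend-config. A sensitive variable is redacted in plan output but still written to state, which is why the state bucket needs encryption and tight access control.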

Privacy First

All HCL generation happens entirely in your browser using JavaScript. Your AWS configurations, CIDR blocks, and resource settings are never sent to any server. This tool has zero backend dependencies.
