Getting Started with OpenTofu

This guide provides an introduction to OpenTofu, an open-source infrastructure as code (IaC) tool. You will learn what OpenTofu is, why we recommend it over Terraform, and how to install and use it to manage your cloud resources. OpenTofu allows you to define your infrastructure in human-readable configuration files, which can be versioned, reused, and shared.

Before you begin, you will need:

  • An active University of Oregon AWS account.
  • The AWS CLI installed and configured.

OpenTofu is a tool for building, changing, and versioning infrastructure safely and efficiently. It uses a declarative syntax to describe your desired state, and it takes care of the rest.

Until recently, Terraform was the go-to tool for infrastructure as code management. Unfortunately, HashiCorp has not only slowed development in recent years, but also changed the licensing to the Business Source License (BSL), which could be problematic in the future if they start to require payment for use.

There’s now an open-source fork of Terraform called OpenTofu that has been steadily outpacing Terraform in development and support. OpenTofu is supported by the Linux Foundation, so it’s expected to be well-supported and remain open-source for years to come.

For this reason, we’ll be installing and using OpenTofu instead of Terraform.

There are a few basic commands you’ll use frequently with OpenTofu:

  • tofu init: Initializes a new or existing OpenTofu configuration.
  • tofu plan: Creates an execution plan, which lets you preview the changes that OpenTofu plans to make to your infrastructure.
  • tofu apply: Applies the changes required to reach the desired state of the configuration.
  • tofu destroy: Destroys the infrastructure managed by the OpenTofu configuration.

You can find multi-platform install instructions here: https://opentofu.org/docs/intro/install/

Here is a simple example of how to use OpenTofu to create a private S3 bucket.

    # main.tf - Example for creating a private S3 bucket
    resource "aws_s3_bucket" "document_storage" {
      bucket = "uo-myapp-example-bucket" # Please use a long, unique name

      tags = {
        Name        = "UO Myapp Example Bucket"
        Environment = "Production"
      }
    }

    resource "aws_s3_bucket_public_access_block" "main" {
      bucket = aws_s3_bucket.document_storage.id

      block_public_acls       = true
      block_public_policy     = true
      ignore_public_acls      = true
      restrict_public_buckets = true
    }

  • resource "aws_s3_bucket" "document_storage": This block declares a new S3 bucket resource. We’ve given it the logical name document_storage for reference within our OpenTofu code.
  • bucket = "uo-myapp-example-bucket": This sets the globally unique name for the S3 bucket. You will need to change this to a unique name for your own bucket.
  • tags: These are key-value pairs that you can use to organize and manage your AWS resources.
  • resource "aws_s3_bucket_public_access_block" "main": This is a critical security resource that ensures your bucket remains private. It blocks all public access to the bucket and its objects, which is the recommended setting for most use cases.

To run this example, save the code to a file named main.tf, then run tofu init and tofu apply.
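
Because the public access block is a separate resource, a bucket can be planned without one. The check below is an added example, not part of the original guide: it reads the JSON form of a saved plan (`tofu plan -out=plan.out`, then `tofu show -json plan.out > plan.json`) and lists every bucket that lacks an access block with all four settings enabled. It assumes resources in the root module without `count` or `for_each`; the `scratch` bucket and the sample plan are constructed for illustration.

```python
import json
import sys

FLAGS = ("block_public_acls", "block_public_policy",
         "ignore_public_acls", "restrict_public_buckets")
BLOCK = "aws_s3_bucket_public_access_block"

def unprotected_buckets(plan):
    """Addresses of planned S3 buckets without a fully enabled access block."""
    changes = [rc for rc in plan.get("resource_changes", [])
               if rc["change"]["actions"] != ["delete"]]
    after = {rc["address"]: rc["change"].get("after") or {} for rc in changes}
    protected = set()
    config = plan.get("configuration", {}).get("root_module", {})
    for res in config.get("resources", []):
        # Only count a block if all four settings are planned as true.
        if res["type"] != BLOCK or not all(
                after.get(res["address"], {}).get(f) is True for f in FLAGS):
            continue
        # The bucket id is unknown until apply, so follow the config reference.
        refs = res.get("expressions", {}).get("bucket", {}).get("references", [])
        protected.update(refs)
    return sorted(rc["address"] for rc in changes
                  if rc["type"] == "aws_s3_bucket" and rc["address"] not in protected)

def _rc(rtype, name, after):  # builds one constructed resource_changes entry
    return {"address": f"{rtype}.{name}", "type": rtype,
            "change": {"actions": ["create"], "after": after}}

def _cfg(name, bucket):  # builds one constructed configuration entry
    ref = f"aws_s3_bucket.{bucket}"
    return {"address": f"{BLOCK}.{name}", "type": BLOCK,
            "expressions": {"bucket": {"references": [f"{ref}.id", ref]}}}

# Constructed sample plan, trimmed to the fields this check reads.
SAMPLE_PLAN = {
    "resource_changes": [
        _rc("aws_s3_bucket", "document_storage", {"bucket": "uo-myapp-example-bucket"}),
        _rc(BLOCK, "main", dict.fromkeys(FLAGS, True)),
        _rc("aws_s3_bucket", "scratch", {"bucket": "uo-myapp-scratch-bucket"}),
        _rc(BLOCK, "scratch", {**dict.fromkeys(FLAGS, True),
                               "restrict_public_buckets": False}),
    ],
    "configuration": {"root_module": {"resources": [
        _cfg("main", "document_storage"), _cfg("scratch", "scratch")]}},
}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    print(unprotected_buckets(plan))
```

Run it with the path to `plan.json` as its argument before `tofu apply`; with no argument it checks the constructed sample.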

To make my life easier, I prefer to alias tofu to tf.

In your ~/.bashrc or other shell configuration file:

alias tf='tofu'

In your PowerShell $PROFILE:

Set-Alias -Name tf -Value tofu

Now that you have OpenTofu installed and configured, you can start using it to manage your cloud resources. Here are some next steps you might consider:

  • Read our guide on OpenTofu Variables to learn how to make your configurations more flexible and reusable.
  • Explore the OpenTofu Registry to find providers for your favorite cloud platforms and services.