Setting up Terraform Cloud to Work with Localstack

Sign Up for a Terraform Cloud Account

Run Localstack Instance

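version: '3.7'
services:
  localstack:
    container_name: localstack-main
    image: localstack/localstack:latest
    ports:
      - "4566:4566"
    environment:
      # The default list is cut off on the page after "apigateway";
      # append the services your plan uses (this walkthrough calls s3).
      - SERVICES=${SERVICES-acm,apigateway}
      - DOCKER_HOST=unix:///var/run/docker.sock
      - DATA_DIR=/tmp/localstack/data
      - TMPDIR=/tmp/localstack/tmp
    volumes:
      - "${HOST_MNT_ROOT}/data:/tmp/localstack/data"
      # Gives the container access to the host's Docker daemon.
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "${HOST_MNT_ROOT}/tmp:/tmp/localstack/tmp"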
$ mkdir -p $HOME/localstack/data
$ mkdir $HOME/localstack/tmp
$ HOST_MNT_ROOT=$HOME/localstack docker-compose up -d

Set Up Tunnel to Localstack Instance

  • Download the latest binary for your OS from the git releases page:
  • The following example downloads the latest Linux release as of now and installs the binary to $HOME/tunneldev/tunnelto
$ mkdir $HOME/tunneldev
$ cd $HOME/tunneldev
$ wget
$ tar -xvf tunnelto-linux.tar.gz
$ chmod 755 tunnelto
  • The following invocation example of tunnelto establishes a tunnel between https://<SUBDOMAIN> and localhost:4566 using a specified subdomain (in this case uniquelocalstack):
$ $HOME/tunneldev/tunnelto --port 4566 --subdomain uniquelocalstack
  • The --subdomain option requests the subdomain uniquelocalstack
  • Note: subdomains are not reserved, so a subsequent request for the same name may fail if it has already been allocated
  • The following displays sample output from the above command
⣷ Success! Remote tunnel created on:
=> Forwarding to localhost:4566
Local Inspect Dashboard: http://localhost:38047
  • The external URL is:
  • The output also displays a link to a Local Inspect Dashboard for monitoring incoming requests: http://localhost:38047
  • Make a note of these URLs; they will be referenced in subsequent sections
  • We can now test calls to our Localstack instance from the public URL. Assuming AWS credentials for Localstack are configured with profile name localstack, we can run the following to list S3 buckets:
$ aws --profile localstack \
    --endpoint-url https://<TUNNEL URL> s3 ls
  • By visiting the URL assigned to the Local Inspect Dashboard, we can see the GET request associated with the s3 ls call.

Configure Sample Terraform Git Repo for Testing

  • Fork/copy the repo to your GitHub account
  • Replace all occurrences of AWS provider service endpoints, i.e.
    <TUNNEL URL> in file, with your tunnel URL as noted earlier.
endpoints {
  acm = "https://<TUNNEL URL>"
  apigateway = "https://<TUNNEL URL>"
  cloudformation = "https://<TUNNEL URL>"
  cloudwatch = "https://<TUNNEL URL>"
  dynamodb = "https://<TUNNEL URL>"
  ec2 = "https://<TUNNEL URL>"
  es = "https://<TUNNEL URL>"
  firehose = "https://<TUNNEL URL>"
  iam = "https://<TUNNEL URL>"
  kinesis = "https://<TUNNEL URL>"
  kms = "https://<TUNNEL URL>"
  lambda = "https://<TUNNEL URL>"
  rds = "https://<TUNNEL URL>"
  route53 = "https://<TUNNEL URL>"
  s3 = "https://<TUNNEL URL>"
  secretsmanager = "https://<TUNNEL URL>"
  ses = "https://<TUNNEL URL>"
  sns = "https://<TUNNEL URL>"
  sqs = "https://<TUNNEL URL>"
  ssm = "https://<TUNNEL URL>"
  stepfunctions = "https://<TUNNEL URL>"
  sts = "https://<TUNNEL URL>"
}
  • Commit and push your changes
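
The placeholder replacement above can be scripted and checked before committing. This is an added example, not code from the original article or its repo: the function name set_tunnel_endpoints is hypothetical, and it assumes <TUNNEL URL> stands for the tunnel's host name, as in "https://<TUNNEL URL>". It accepts only a bare host name or an https:// URL and fails if any placeholder survives.

```shell
#!/bin/sh
# Added example: fill the <TUNNEL URL> placeholder in a Terraform provider file.
# PLACEHOLDER is the literal used on this page; the file path is the caller's.
PLACEHOLDER='<TUNNEL URL>'

# set_tunnel_endpoints FILE HOST_OR_URL
# Prints the number of lines rewritten. Returns 2 on bad input and 1 when
# there is nothing to replace or a placeholder is left behind.
set_tunnel_endpoints() {
    file=$1
    host=${2#https://}   # accept "https://host" or a bare "host"
    host=${host%/}       # drop one trailing slash

    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }

    # Allow only a plain DNS name: no other scheme, port, path, quotes or
    # sed metacharacters can reach the substitution below.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "invalid tunnel host: $2" >&2; return 2 ;;
    esac

    # grep -c exits non-zero on a count of 0, hence the "|| true".
    before=$(grep -cF "$PLACEHOLDER" "$file" || true)
    [ "$before" -gt 0 ] || { echo "no placeholder in $file" >&2; return 1; }

    tmp=$(mktemp) || return 2
    if ! sed "s|$PLACEHOLDER|$host|g" "$file" > "$tmp"; then
        rm -f "$tmp"; return 2
    fi
    cat "$tmp" > "$file"   # overwrite in place, keeping the file's mode
    rm -f "$tmp"

    # Fail closed if any endpoint still carries the placeholder.
    if grep -qF "$PLACEHOLDER" "$file"; then
        echo "placeholder still present in $file" >&2; return 1
    fi
    echo "$before"
}
```
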

Set Up Terraform Cloud

Create Workspace

  • Create a new workspace by choosing Workspaces --> New Workspace
  • Choose Version control workflow when prompted for the workflow type
  • For the VCS (Version control provider/source), choose
  • You will be prompted to authenticate with your GitHub account in order to access your repositories
  • Once authentication completes, choose the repo we just edited, terraform-cloud-localstack
  • The workspace name defaults to terraform-cloud-localstack
  • Select create workspace to trigger the workspace creation/configuration

Execute the Terraform Plan

  • Run the plan by selecting Queue plan
  • Respond to the Confirm and Apply prompt by adding a comment
  • Finally, choose Confirm Plan
  • Once the Terraform plan has executed successfully, you’ll be able to view the logs and State versions

Verifying Deployment of Plan Components

  • To confirm the bucket has been created on our Localstack instance, we can use either the localhost AWS endpoint URL or the tunnel URL:
$ aws --profile localstack \
    --endpoint-url http://localhost:4566 s3 ls
2021-01-02 08:36:44 sandpit-sample
$ aws --profile localstack --endpoint-url <TUNNEL URL> s3 ls
2021-01-02 08:36:44 sandpit-sample
  • The Local Inspector Dashboard, as noted earlier, should show the incoming requests from the public address
  • Here is the output for my specific instance as it appears at Dashboard URL: http://localhost:38047
  • Subsequent changes to code within the git repository will automatically be reflected in the Cloud workspace

Final Notes



Tony Tannous
