Visit site

Use Terraform with default variables to create Digital Ocean Droplets.

Terraform for Digital Ocean Droplet(s)


This repo contains terraform code and default variables that allow one to create Digital Ocean Droplet(s) with ease.


  • All arguments for the digitalocean_droplet Terraform resource are enumerated in main.tf and variables.tf. tags and volume_ids are commented out for first-time ease.
  • All available outputs will be printed upon completion of terraform apply.

Provisioners file and remote-exec are used to:

  1. Overwrite /etc/sysctl.conf with a web-server optimized and kernel-hardened parameters.
  2. Add a new user according to the ssh_user variable.
  3. Add this user to the admin group.
  4. Modify /etc/sudoers so that the admin group can execute sudo without a password.
  5. Add local authorized_keys file to ssh_user’s .ssh directory.
  6. Modify /etc/ssh/sshd_config to disallow root user login and allow PubkeyAuthentication.


  1. Terraform, obiously.
  2. A token for Digital Ocean that can write.

Required Variables

As long as these variables are provided, the defaults are to create one droplet in the sfo2 region with IPv6, monitoring, and private networking enabled.

  1. do_token: (string) Digital Ocean API Token.
  2. ssh_user: (string) Name of user that will be allowed passwordless sudo and ssh access.
  3. ssh_key_path: (string) path on local machine to SSH private key.
  4. vm_ssh_key_ids: (list) ID(s) of SSH Key ID’s according to Digital Ocean. If providing over CLI, be wary of the data type. For example:
      Enter a value: [25435191]


Export your Digital Ocean API key:


Note: Piping to jq required only for pretty-printing JSON response


terraform plan
terraform apply

Useful Commands

export TF_LOG_='DEBUG' && \
export TF_LOG_PATH='tf.log'

Get Droplet Sizes

curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer ${DIGITALOCEAN_TOKEN}" "https://api.digitalocean.com/v2/sizes?page=1" | jq
curl -X GET -H "Content-Type: application/json" -H "Authorization: Bearer ${DIGITALOCEAN_TOKEN}" "https://api.digitalocean.com/v2/sizes?page=2" | jq

Note: Multi-page responses

Locating your SSH Key ID(s)

If you want SSH keys already associated with your Digital Ocean account to be set on the Droplets, you first need to get the ID(s) of the key(s) according to Digital Ocean.

  1. Use cURL to list keys and their IDs:
curl -H "Content-Type: application/json" -H "Authorization: Bearer ${DIGITALOCEAN_TOKEN}" "https://api.digitalocean.com/v2/account/keys" | jq
  1. Use the desired Key ID from this output as the value(s) for the vm_ssh_key_ids variable.


Was this helpful?
Leave a comment

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Publish your Tool on Community

Have you created an Integration, API Wrapper, Service, or other Tool that helps developers build on DigitalOcean? Help users find it by listing it in Community Tools.

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel