HOW TO CONNECT TERRAFORM WITH AWS WITHOUT ACCESS KEY AND SECRET KEY

Hi Team, I want to know whether there is any other way or process to connect Terraform with an AWS account without an access key and secret key, and if there is, please describe the process.

asked a year ago, 2302 views
1 Answer
To answer your question, we need to understand the operating environment of where you are operating Terraform from, as you did not specify. Depending on where you are operating Terraform from, you have different options.

Are you operating Terraform from:

  • Your computer/laptop?
  • A Virtual Machine in your own datacenter/another cloud Provider?
  • Terraform Cloud?
  • EC2 in your AWS account?
  • Container in your AWS account?

The AWS provider for Terraform (a Terraform plugin) leverages the AWS Go SDK to interact with AWS APIs. The AWS Go SDK uses the AWS Credential Provider Chain. All SDKs have a series of places (or sources) that they check in order to find valid credentials to use to make a request to an AWS service. After valid credentials are found, the search is stopped. This systematic search is called the default credential provider chain.

These locations include the code you are running, the environment variables of the operating environment, shared configuration and credentials files, Amazon Elastic Container Service (ECS) credentials, and Amazon EC2 instance profile credentials. For more information, see Precedence of settings.

I'm going to assume your end goal is simply to not have long-lived credentials? Please confirm?

I'll provide some of the most common operating environments here:

Your computer/laptop

When operating from your laptop/computer in an interactive mode from the Terminal, if you are using AWS IAM Identity Center authentication with SSO, you can use the open source project Leapp to set your AWS configuration files to assume the role of your choice.

If operating from within VSCode, you can leverage the AWS Toolkit for Visual Studio Code to create a Credentials Profile. This profile will be honored in the VSCode Terminal.

A Virtual Machine in your own datacenter/another cloud Provider

You can use IAM Roles Anywhere. The AWS open source RolesAnywhere Credential Helper vends temporary credentials by sending a CreateSession request to the Roles Anywhere service. You can use the update command to update the temporary credentials in the credential file, including the profile to use.

Terraform Cloud

Terraform Cloud can use dynamic provider credentials for official cloud providers, including AWS.

EC2 in your AWS account

IAM roles for Amazon EC2 allows processes running on that EC2 to retrieve credentials from instance metadata.

ECS task/container in your AWS account

Task IAM role for ECS allows processes running in that container to retrieve credentials from container metadata, similar to EC2 instance metadata but task specific.

Leapp: https://www.leapp.cloud/

AWS
answered a year ago
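
An added example, not part of the original answer or any AWS tooling: a shell check that walks the credential sources in the order the answer lists and reports which one Terraform's AWS provider would find first, flagging long-lived keys by their AKIA prefix. The function names and the sample profile are constructed; the order inside the shared files is a simplification, and provider-block settings in .tf files are not inspected.

```shell
# AKIA-prefixed access key IDs are long-term IAM user keys; ASIA marks
# temporary STS credentials. Nothing in this script contacts AWS.
key_kind() {
  case "$1" in
    AKIA*) echo long-lived ;;
    ASIA*) echo temporary ;;
    *)     echo unknown ;;
  esac
}

# Print the value of key $3 in section $2 of INI file $1 (nothing if absent).
ini_get() {
  [ -f "$1" ] || return 0
  awk -v sec="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/^[ \t]+|[ \t]+$/, ""); insec = ($0 == sec); next }
    insec { split($0, kv, "="); k = kv[1]; gsub(/[ \t]/, "", k)
            if (k == key) { sub(/^[^=]*=[ \t]*/, ""); print; exit } }' "$1"
}

# Walk the sources in the order the answer lists and name the first match.
cred_source() {
  profile="${AWS_PROFILE:-default}"
  creds="${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"
  conf="${AWS_CONFIG_FILE:-$HOME/.aws/config}"
  csec=default; [ "$profile" = default ] || csec="profile $profile"
  id=$(ini_get "$creds" "$profile" aws_access_key_id)
  sso=$(ini_get "$conf" "$csec" sso_session)$(ini_get "$conf" "$csec" sso_start_url)
  if [ -n "${AWS_ACCESS_KEY_ID:-}" ]; then
    echo "environment:$(key_kind "$AWS_ACCESS_KEY_ID")"
  elif [ -n "$id" ]; then
    echo "shared-credentials:$(key_kind "$id")"
  elif [ -n "$sso" ]; then
    echo "shared-config:sso"
  elif [ -n "$(ini_get "$conf" "$csec" credential_process)" ]; then
    echo "shared-config:credential_process"
  elif [ -n "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:-}${AWS_CONTAINER_CREDENTIALS_FULL_URI:-}" ]; then
    echo "ecs-task-role"
  else
    echo "ec2-instance-profile-or-none"
  fi
}

# Constructed sample: a config file holding one SSO profile, run in a subshell.
demo=$(mktemp -d)
printf '[profile dev]\nsso_session = corp\nregion = eu-west-1\n' > "$demo/config"
( unset AWS_ACCESS_KEY_ID; AWS_PROFILE=dev; AWS_CONFIG_FILE="$demo/config"
  AWS_SHARED_CREDENTIALS_FILE="$demo/none"; cred_source )  # prints shared-config:sso
rm -rf "$demo"
```

A result of `environment:long-lived` or `shared-credentials:long-lived` means static keys would win before any of the role-based options in the answer are reached.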
