Created
August 16, 2018 21:38
terraform aws assume role - quick and easy.
Version:
Terraform v0.11.8
+ provider.aws v1.28.0
+ provider.template v1.0.0
terraform:
AWS has the same format for credentials and config. I simply symlink them; I have one file, more or less.
ln -s ~/.aws/config ~/.aws/credentials
This is essentially my ~/.aws/config file, where default is my account with my main account key.
[default]
region = us-west-2
aws_access_key_id = XXX
aws_secret_access_key = XXX
[profile dev]
region = us-west-2
role_arn = arn:aws:iam::<account>:role/<YourRole>
source_profile = default
----
main.tf top:
provider "aws" {
  region  = "us-west-2"
  profile = "dev"
}
terraform {
  backend "s3" {
    bucket         = "<your-s3-bucket>"
    key            = "terraform.tfstate"
    region         = "us-west-2"
    encrypt        = true
    dynamodb_table = "terraform-lock"
  }
}
You have to set an ENV variable or set the variable on the command line to make it work.
This apparently makes terraform use the Go AWS SDK workflow instead of their own written one?
I didn't read the code to figure it out for sure.
bash:
export AWS_SDK_LOAD_CONFIG="1"
export AWS_PROFILE="dev" # For whatever reason, you still need to export your profile to use this.
terraform init
terraform plan -out <...>
etc
MFA: Untested. I'll get there eventually.
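
An added example, not part of the original gist: a pre-flight check to run before terraform init. It confirms that the profile chain in the config file resolves (the role profile names a role_arn and a source_profile that holds an access key pair) and that the file holding the long-lived keys is accessible only to its owner. The function names, account ID, role name and key values are constructed for illustration.

```shell
# Added example, not from the gist; function names and sample values are constructed.
# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION].
ini_get() {
  awk -v want="[$2]" -v key="$3" '
    /^[ \t]*\[/ { gsub(/^[ \t]+|[ \t]+$/, ""); in_s = ($0 == want); next }
    in_s && index($0, "=") {
      k = substr($0, 1, index($0, "=") - 1); gsub(/^[ \t]+|[ \t]+$/, "", k)
      v = substr($0, index($0, "=") + 1);    gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}
# In the config file every profile except default is headed "[profile NAME]".
section_for() { if [ "$1" = default ]; then echo default; else echo "profile $1"; fi; }

# check_profile FILE PROFILE: succeed only if PROFILE names a role_arn and a
# source_profile that holds an access key pair (the layout the gist uses).
check_profile() {
  sec=$(section_for "$2")
  role=$(ini_get "$1" "$sec" role_arn)
  src=$(ini_get "$1" "$sec" source_profile)
  [ -n "$role" ] || { echo "FAIL: [$sec] has no role_arn"; return 1; }
  [ -n "$src" ] || { echo "FAIL: [$sec] has no source_profile"; return 1; }
  ssec=$(section_for "$src")
  if [ -z "$(ini_get "$1" "$ssec" aws_access_key_id)" ] ||
     [ -z "$(ini_get "$1" "$ssec" aws_secret_access_key)" ]; then
    echo "FAIL: [$ssec] has no access key pair"; return 1
  fi
  echo "OK: $2 assumes $role with keys from [$ssec]"
}

# keys_file_private FILE: succeed only if group and others have no access;
# ls -L follows the credentials -> config symlink to the file holding the keys.
keys_file_private() {
  case "$(ls -ldL "$1")" in ????------*) return 0 ;; *) return 1 ;; esac
}
# write_sample FILE: constructed config in the gist's layout.
write_sample() {
  cat > "$1" <<'EOF'
[default]
aws_access_key_id = EXAMPLEKEYID
aws_secret_access_key = EXAMPLESECRET
[profile dev]
role_arn = arn:aws:iam::111111111111:role/ExampleRole
source_profile = default
EOF
}
demo=$(mktemp) && write_sample "$demo" && chmod 600 "$demo"
check_profile "$demo" dev
keys_file_private "$demo" && echo "OK: key file is owner-only"
rm -f "$demo"
```

Against a real setup, call check_profile ~/.aws/config "$AWS_PROFILE" and keys_file_private ~/.aws/credentials.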