@bkruger99
Created August 16, 2018 21:38
terraform aws assume role - quick and easy.
Version:
Terraform v0.11.8
+ provider.aws v1.28.0
+ provider.template v1.0.0
terraform:
AWS has the same format for credentials and config. I simply symlink them, so I have one file, more or less.
ln -s ~/.aws/config ~/.aws/credentials
This is essentially my ~/.aws/config file, where default is my account with my main account key.
[default]
region = us-west-2
aws_access_key_id = XXX
aws_secret_access_key = XXX
[profile dev]
region = us-west-2
role_arn = arn:aws:iam::<account>:role/<YourRole>
source_profile = default
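
An added example (not part of the original gist): a pre-flight check in Python that walks the source_profile chain of a profile in this config layout and reports which base profile's keys and which role ARNs Terraform would end up using. The function names and the embedded sample are constructed for illustration, and it assumes only the role_arn + source_profile layout shown above.

```python
import configparser

# Constructed sample mirroring the ~/.aws/config layout above (placeholder values).
SAMPLE_CONFIG = """\
[default]
region = us-west-2
aws_access_key_id = XXX
aws_secret_access_key = XXX
[profile dev]
region = us-west-2
role_arn = arn:aws:iam::<account>:role/<YourRole>
source_profile = default
"""

def section_name(profile):
    # In ~/.aws/config every profile except "default" is written "[profile NAME]".
    return "default" if profile == "default" else f"profile {profile}"

def resolve_role_chain(config_text, profile):
    """Return (base_profile, role_arns) with role_arns in the order they are assumed."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text)
    roles, seen, current = [], set(), profile
    while True:
        if current in seen:
            raise ValueError(f"source_profile loop at {current!r}")
        seen.add(current)
        sec = section_name(current)
        if not cp.has_section(sec):
            raise ValueError(f"profile {current!r} not found")
        opts = cp[sec]
        if "role_arn" not in opts:
            # End of the chain: this profile must carry the static key pair.
            if not ("aws_access_key_id" in opts and "aws_secret_access_key" in opts):
                raise ValueError(f"profile {current!r} has no static keys")
            return current, roles[::-1]
        if "source_profile" not in opts:
            raise ValueError(f"profile {current!r} has role_arn but no source_profile")
        roles.append(opts["role_arn"])
        current = opts["source_profile"]

if __name__ == "__main__":
    base, roles = resolve_role_chain(SAMPLE_CONFIG, "dev")
    print(f"keys from [{base}] -> assumes {roles}")
```

To check a real file, pass its contents instead of the sample, for example open(os.path.expanduser("~/.aws/config")).read().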
----
main.tf top:
provider "aws" {
  region  = "us-west-2"
  profile = "dev"
}
terraform {
  backend "s3" {
    bucket         = "<your-s3-bucket>"
    key            = "terraform.tfstate"
    region         = "us-west-2"
    encrypt        = true
    dynamodb_table = "terraform-lock"
  }
}
You have to set an environment variable, or set the variable on the command line, to make it work.
This apparently makes Terraform use the Go AWS SDK workflow instead of their own written one?
I didn't read the code to figure it out for sure.
bash:
export AWS_SDK_LOAD_CONFIG="1"
export AWS_PROFILE="dev" # For whatever reason, you still need to export your profile to use this.
terraform init
terraform plan -out <...>
etc
MFA: Untested. I'll get there eventually.