Does anyone have any cool ideas on how to handle Terraform provider credentials for AWS given these use cases:

My current workflow requires changing the AWS_ACCESS_KEY and AWS_SECRET_KEY depending on the operation:

terraform init
  - requires access to S3 backend remote state
terraform plan/apply
  - requires access to specific environment + remote state
kitchen converge
  - requires access to test environment + remote state
kitchen verify
  - requires access to test environment

Ideas
backend configuration.

You will need the main account to be able to assume a role on each env account to perform the changes, while the remote main account will keep all states. This is a good way to work with terraform workspaces. Assuming you have two workspaces, prod and dev, you can try something like this:
variable "workspace_roles" {
  default = {
    dev  = "arn:aws:iam::<dev account id>:role/terra_role"
    prod = "arn:aws:iam::<prodaccount id>:role/terra_role"
  }
}

provider "aws" {
  # assume_role is a nested block in the AWS provider, not a plain argument
  assume_role {
    role_arn = var.workspace_roles[terraform.workspace]
  }
}
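To show how the pieces of this answer fit together, here is an added example (not the answerer's code) of a complete root module for the "main account keeps the state, each environment account is reached through AssumeRole" layout. The account ids, bucket and lock-table names, role name and region are placeholders and assumptions; substitute your own.

```hcl
# Added example, not from the original answer. All account ids, bucket/table
# names, role names and the region below are placeholders.

terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }

  # Remote state lives in the MAIN account. The credentials exported for
  # `terraform init` only need read/write on this bucket and the lock table.
  # The S3 backend stores each non-default workspace under an env:/<name>/
  # prefix, so prod and dev state never share a file.
  backend "s3" {
    bucket         = "PLACEHOLDER-main-account-tfstate"
    key            = "infra/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "PLACEHOLDER-tfstate-lock"
    encrypt        = true
  }
}

variable "workspace_roles" {
  description = "Role to assume in each environment account, keyed by workspace name."
  type        = map(string)
  default = {
    dev  = "arn:aws:iam::111111111111:role/terra_role" # placeholder account id
    prod = "arn:aws:iam::222222222222:role/terra_role" # placeholder account id
  }
}

# Fail closed: selecting a workspace with no mapping (including the built-in
# "default" workspace) makes plan/apply error out on the map lookup instead
# of silently running with the main-account credentials.
locals {
  role_arn = var.workspace_roles[terraform.workspace]
}

provider "aws" {
  region = "us-east-1"

  # assume_role is a nested block in the AWS provider, not a plain argument.
  # The main-account credentials in the environment are used only to call
  # sts:AssumeRole; every resource API call then runs as terra_role in the
  # environment account selected by the workspace.
  assume_role {
    role_arn     = local.role_arn
    session_name = "terraform-${terraform.workspace}"
  }
}
```

With this layout the same environment variables serve every step of the workflow: `terraform init` only touches the main-account bucket and lock table, and `terraform workspace select dev` followed by `plan`/`apply` picks the dev role from the map. On the environment side, the trust policy of terra_role should name only the main-account principal that runs Terraform (and, if you add an `external_id` to the `assume_role` block, require it with an `sts:ExternalId` condition), so the main-account credentials on their own cannot modify an environment.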