[英]How do I configure AWS MFA for Terraform?
我想为 Terraform 执行 MFA,因此预计会为每个terraform [command]
从我的虚拟 MFA 设备中请求 6 位令牌。 阅读文档后: cli-roles terraform mfa我创建了一个角色:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::[ACCOUNT_ID]:user/testuser"
},
"Action": "sts:AssumeRole",
"Condition": {
"Bool": {
"aws:MultiFactorAuthPresent": "true"
}
}
}
]
}
默认情况下,该用户被迫使用 MFA,我为他配置了一个虚拟 MFA 设备。
~/.aws/凭据:
[default]
...
[terraform_role]
role_arn = arn:aws:iam::[ACCOUNT_ID]:role/terraform-test-role
source_profile = default
mfa_serial = arn:aws:iam::[ACCOUNT_ID]:mfa/testuser
在我的 Terraform 环境中,我放置了以下内容:
provider "aws" {
profile = "terraform_role"
}
但是当我运行terraform plan
时,它会抛出一个错误:
Error refreshing state: 1 error(s) occurred:
* provider.aws: No valid credential sources found for AWS Provider.
Please see https://terraform.io/docs/providers/aws/index.html for more information on
providing credentials for the AWS Provider
解决方案是指定assume_role
语句:
provider "aws" {
profile = "default"
assume_role {
role_arn = "arn:aws:iam::[ACCOUNT_ID]:role/terraform-test-role"
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.