Day 5: Authenticating Terraform with AWS

Sai Kiran Pikili
2 min read · Dec 24, 2024


Today, we’ll authenticate Terraform with AWS. We’ll use the AWS Provider, which lets Terraform create and manage AWS resources.

AWS Provider Overview

Terraform’s AWS Provider allows seamless interaction with AWS services. You can explore the full documentation here.

Before provisioning resources, you’ll need to authenticate Terraform with your AWS account. The AWS Provider offers multiple authentication methods, ensuring flexibility in different environments.

Authentication and Configuration

Sources of Configuration

The AWS Provider determines credentials and configuration in the following precedence (similar to the AWS CLI and SDKs):

  1. Provider configuration block.
  2. Environment variables.
  3. Shared credentials and configuration files.
  4. Container credentials.
  5. Instance profile credentials.

Important Notes

  • Avoid hardcoding sensitive credentials in your Terraform configurations. Use environment variables or shared credential files to minimize the risk of secret leakage.
  • The AWS Provider supports advanced features like IAM Role Chaining, Web Identity Federation, and External Credential Processes.

Authentication Methods

1. Provider Configuration Block

You can specify credentials directly in the provider block, but this is not recommended: keys written into a .tf file are committed to version control alongside the code.

provider "aws" {
  region     = "us-west-2"
  access_key = "your-access-key"
  secret_key = "your-secret-key"
}
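The warning above (and the note earlier about not hardcoding credentials) is easy to enforce mechanically. The following is an added example, not code from the original post: a small POSIX shell check, suitable for a pre-commit hook, that flags literal access_key/secret_key/token arguments in .tf files and anything shaped like an AWS access key id. The two sample files it writes are constructed for the demo; the key id in them is the placeholder AWS uses in its own documentation, not a real credential.

```shell
#!/bin/sh
# Added example (not from the original post): flag hardcoded AWS credentials
# in Terraform files before they reach version control.

# Print one finding per line, as "file:line:content:reason", for each .tf
# file given. Always exits 0; use count_cred_findings to get a number.
scan_tf_for_creds() {
  for f in "$@"; do
    # 1. access_key / secret_key / token assigned a quoted literal
    grep -nE '^[[:space:]]*(access_key|secret_key|token)[[:space:]]*=[[:space:]]*"[^"]*"' "$f" \
      | sed "s|^|$f:|; s|\$|:literal credential argument|"
    # 2. anything that looks like an AWS access key id (AKIA/ASIA + 16 chars),
    #    wherever it appears (locals, variable defaults, comments, ...)
    grep -nE '(^|[^A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}([^A-Z0-9]|$)' "$f" \
      | sed "s|^|$f:|; s|\$|:access key id pattern|"
  done
  return 0
}

# Number of findings across the given files (prints 0 when clean).
count_cred_findings() {
  scan_tf_for_creds "$@" | awk 'END { print NR }'
}

# --- constructed demo input -------------------------------------------------
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# The key id below is AWS's documented example placeholder, not a live key.
cat > "$demo_dir/bad.tf" <<'EOF'
provider "aws" {
  region     = "us-west-2"
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}
EOF

cat > "$demo_dir/good.tf" <<'EOF'
provider "aws" {
  region  = "us-west-2"
  profile = var.aws_profile
}
EOF

# Run the check over both files and print a summary.
scan_tf_for_creds "$demo_dir/bad.tf" "$demo_dir/good.tf"
echo "findings in bad.tf:  $(count_cred_findings "$demo_dir/bad.tf")"
echo "findings in good.tf: $(count_cred_findings "$demo_dir/good.tf")"
```

bad.tf produces three findings (the two literal arguments, plus the access key id pattern on the access_key line); good.tf produces none, because a profile name resolved from a variable is not a secret. Wire `count_cred_findings` into a pre-commit hook and fail the commit when it prints anything other than 0.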

2. Environment Variables

Set AWS credentials as environment variables. This is safer than the provider block and widely used.

export AWS_ACCESS_KEY_ID="your-access-key"
export AWS_SECRET_ACCESS_KEY="your-secret-key"
export AWS_REGION="us-west-2"

The provider block can then remain empty:

provider "aws" {}

3. Shared Configuration and Credentials Files

Terraform can use AWS credentials stored in ~/.aws/credentials and configurations in ~/.aws/config.

provider "aws" {
  profile = "your-profile-name"
}

Set the profile via the AWS_PROFILE environment variable or explicitly in the provider block.
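To make the precedence list from the “Sources of Configuration” section and the profile selection above concrete, here is an added example that is not part of the original post: a POSIX shell function that reports which source the provider would end up using for a given root module and environment, walking the five sources in the order the post lists them. It does not call AWS and it does not perform the container or instance-metadata lookups themselves; it only checks whether those sources are configured. The temporary HOME, credentials file, .tf files and the PLACEHOLDER_* values are all constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): mirror the AWS Provider's
# credential precedence and report which source would be selected.

# Usage: aws_cred_source <root-module.tf>
# Prints one of: provider-block, environment, shared-files, container,
# instance-profile
aws_cred_source() {
  tf="$1"
  creds_file="${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}"
  profile="${AWS_PROFILE:-default}"

  # 1. Static keys in the provider block win over everything else.
  if grep -qE '^[[:space:]]*access_key[[:space:]]*=[[:space:]]*"' "$tf"; then
    echo provider-block; return 0
  fi
  # 2. Environment variables.
  if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    echo environment; return 0
  fi
  # 3. Shared credentials file. A profile named in the provider block
  #    overrides AWS_PROFILE; otherwise AWS_PROFILE, then "default".
  tf_profile=$(sed -nE 's/^[[:space:]]*profile[[:space:]]*=[[:space:]]*"([^"]*)".*/\1/p' "$tf" | head -n 1)
  if [ -n "$tf_profile" ]; then
    profile="$tf_profile"
  fi
  if [ -f "$creds_file" ] && grep -qE "^\[$profile\]" "$creds_file"; then
    echo shared-files; return 0
  fi
  # 4. Container credential endpoint (ECS / EKS pod identity style).
  if [ -n "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:-}" ] \
     || [ -n "${AWS_CONTAINER_CREDENTIALS_FULL_URI:-}" ]; then
    echo container; return 0
  fi
  # 5. Last resort: the EC2 instance profile via the metadata service.
  echo instance-profile
}

# --- constructed demo environment -------------------------------------------
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/.aws"

# Credentials file with one profile (values are placeholders, not real keys).
cat > "$demo/.aws/credentials" <<'EOF'
[ci]
aws_access_key_id = PLACEHOLDER_KEY_ID
aws_secret_access_key = PLACEHOLDER_SECRET
EOF

# Root module that selects the profile in the provider block.
cat > "$demo/main.tf" <<'EOF'
provider "aws" {
  profile = "ci"
}
EOF

# Root module with keys hardcoded in the provider block (the anti-pattern).
cat > "$demo/hardcoded.tf" <<'EOF'
provider "aws" {
  access_key = "PLACEHOLDER_KEY_ID"
  secret_key = "PLACEHOLDER_SECRET"
}
EOF

# Each scenario runs in a subshell so the outer environment is untouched.
scenario_shared_files() {
  ( HOME="$demo"
    unset AWS_SHARED_CREDENTIALS_FILE AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
    unset AWS_CONTAINER_CREDENTIALS_RELATIVE_URI AWS_CONTAINER_CREDENTIALS_FULL_URI
    aws_cred_source "$demo/main.tf" )
}
scenario_env_wins() {
  ( HOME="$demo"
    AWS_ACCESS_KEY_ID=PLACEHOLDER_KEY_ID; AWS_SECRET_ACCESS_KEY=PLACEHOLDER_SECRET
    aws_cred_source "$demo/main.tf" )
}
scenario_provider_block() {
  ( HOME="$demo"
    AWS_ACCESS_KEY_ID=PLACEHOLDER_KEY_ID; AWS_SECRET_ACCESS_KEY=PLACEHOLDER_SECRET
    aws_cred_source "$demo/hardcoded.tf" )
}

echo "profile only:            $(scenario_shared_files)"
echo "env vars + profile:      $(scenario_env_wins)"
echo "hardcoded + env + file:  $(scenario_provider_block)"
```

The three scenarios print shared-files, environment and provider-block respectively: with only the credentials file present the “ci” profile is used; setting AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY overrides it; and keys in the provider block override both. That last line is exactly why a stray access_key in a .tf file is dangerous: it silently wins over whatever the CI runner or operator intended to use.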

Advanced Authentication Features

  • IAM Role Chaining: Assume a sequence of roles across AWS accounts.
  • Web Identity Federation: Authenticate using OpenID Connect (OIDC).
  • Instance Profiles: Automatically obtain credentials from the EC2 instance metadata service when Terraform runs on an EC2 instance with an attached role.

For detailed configuration options, visit the Terraform AWS Provider Documentation.

Next Steps

With authentication set up, you’re ready to launch your first EC2 instance! In the next post, we’ll cover how to write a Terraform configuration to provision an EC2 instance, including specifying the AMI, instance type, and networking configurations.

Have any questions or feedback? Share them in the comments! 🚀
