Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Terraform - AWS IAM user with Programmatic access

I'm working with aws via terraform.
I'm trying to create an IAM user with Access type of "Programmatic access".

With the AWS management console this is quite simple:

AWS console management


When trying with Terraform (reference to docs) it seems that only the following arguments are supported:

name
path
permissions_boundary
force_destroy
tags

Maybe this should be configured via a policy?
Any help will be appreciated.


(*) Related question with different scenario.

like image 629
RtmY Avatar asked Nov 14 '19 09:11

RtmY


People also ask

How do I use programmatic access on AWS?

Select the type of access this set of users will have. You can select programmatic access, access to the AWS Management Console, or both. Select Programmatic access if the users require access to the API, AWS CLI, or Tools for Windows PowerShell. This creates an access key for each new user.

How do I provide programmatic access to AWS resources?

You use an access key ID and a secret access key to sign your requests for authorization to AWS. Programmatic access can be quite powerful, so implementing best practices to protect access key IDs and secret access keys is important in order to prevent accidental or malicious account activity.

How do I add a user to Terraform?

After creating & adding both files make sure to save it & point the command line towards the folder you have created all these files before you type command “terraform init” | “terraform plan” | terraform apply to deploy resources. Now you will see that Terraform wants to create three IAM users, each with unique names.


2 Answers

You can use aws_iam_access_key (https://www.terraform.io/docs/providers/aws/r/iam_access_key.html) terraform resource to create Access keys for the user and that should imply that user has Programmatic Access.

Hope this helps.

like image 84
pradeep Avatar answered Oct 02 '22 00:10

pradeep


The aws_iam_user resource needs to also have an aws_iam_access_key resource created for it.

The iam-user module has a comprehensive example of using it.

You could also use that module straight from the registry and let that do everything for you.

like image 38
grahamlyons Avatar answered Oct 02 '22 01:10

grahamlyons