Use IAM role instead of credentials to create aws resource from an EC2 instance using terraform

We are working on a requirement where we want terraform apply, which runs on an AWS EC2 instance, to use an IAM role instead of credentials (access key/secret key) in the aws provider to create a Route 53 record in AWS. NOTE: the IAM role attached to the instance has been given a policy that grants it route53fullaccess. When we use the syntax below in terraform.tf, it works fine and we are able to create the route. SYNTAX:

provider "aws" {
  access_key = "${var.aws_accesskey}"
  secret_key = "${var.aws_secretkey}"
  region     = "us-east-1"
}

resource "aws_route53_record" "<name>" {}

But we want the terraform script to run with the IAM role and not with credentials (we do not want to maintain a credentials file).

STEPS TRIED:
1. Removed the provider block from the terraform.tf file and ran the build. SYNTAX: resource "aws_route53_record" "<name>" {}
2. Got the error below: Provider.aws: InvalidClientTokenId.
3. Went through the official Terraform documentation on using an IAM role. It says to use the metadata API, but there is no working sample (https://www.terraform.io/docs/providers/aws/index.html).

I am new to Terraform, so pardon me if this is a basic question. Can someone help with the code / a working sample to achieve this?

Viddhiyartha asked Feb 05 '18 10:02


1 Answer

You need to supply the profile ARN in the "provider" block, not the role, like so:

provider "aws" {
  profile = "arn:aws:iam::<your account>:instance-profile/<your role name>"
}

The 'role_arn' key mentioned in the answer above is actually invalid in the 'provider' context.

Simona Miroiu answered Oct 19 '22 02:10
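As an added example (not code from the question or the answer above), here is a complete configuration for a run executed on the EC2 instance itself, relying on the instance profile rather than any stored key pair; the hosted zone ID, record name and address are placeholders.

```hcl
# Added example, not code from the question or the answer: a complete
# configuration for a terraform run executed on the EC2 instance itself.
# zone_id, the record name and the address are placeholders.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

# No access_key, secret_key or profile here. The provider then walks the AWS
# SDK credential chain: provider arguments, AWS_ACCESS_KEY_ID /
# AWS_SECRET_ACCESS_KEY, the shared credentials file, and finally the EC2
# instance metadata service, which serves short-lived credentials for the
# instance profile attached to this instance. The first source that yields
# credentials wins, so a stale key pair left in the environment or in
# ~/.aws/credentials is one cause of InvalidClientTokenId even when the
# instance profile itself is correct.
provider "aws" {
  region = "us-east-1"
}

variable "zone_id" {
  description = "Hosted zone the instance profile may change (placeholder value supplied at apply time)"
  type        = string
}

resource "aws_route53_record" "example" {
  zone_id = var.zone_id
  name    = "app.example.com" # placeholder
  type    = "A"
  ttl     = 300
  records = ["10.0.0.10"] # placeholder
}
```

On the instance, terraform init followed by terraform apply then needs no key pair at all. The instance profile's policy is best scoped to the Route 53 actions on that one hosted zone rather than full Route 53 access.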