Terraform and AWS secrets

I must be missing something in how AWS secrets can be accessed through Terraform. Here is the scenario I am struggling with:

  • I create an IAM user named "infra_user", create an access key ID and secret access key for the user, and download the values in plain text.

  • "infra_user" will be used to authenticate via Terraform to provision resources, let's say an S3 bucket and an EC2 instance.

  • To protect the ID and secret key of "infra_user", I store them in AWS secrets manager.

  • In order to authenticate with "infra_user" in my Terraform script, I will need to retrieve the secrets via the following block:

    # Looks up the secret by ARN (the ARN below is a placeholder)
    data "aws_secretsmanager_secret" "arn" {
      arn = "arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456"
    }


But, to even use the data block in my script and retrieve the secrets wouldn't I need to authenticate to AWS in some other way in my provider block before I declare any resources? If I create another user, say "tf_user", to just retrieve the secrets where would I store the access key for "tf_user"? How do I avoid this circular authentication loop?

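The loop in the question only exists if the provider's own credentials are expected to come out of Secrets Manager. The AWS provider does not need static keys in the configuration at all: it resolves credentials through the standard AWS SDK chain (environment variables, a named profile in ~/.aws/config or ~/.aws/credentials, SSO, or the role attached to the CI runner or EC2 instance), and can then assume a deployment role. Secrets Manager is for the secrets the provisioned resources need, such as a database password. The following configuration is an added example, not code from the original post; the profile name "infra", the role ARN, the secret name "prod/app/db" and its JSON layout (username/password keys) are assumptions.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# No access key in the configuration: the provider picks credentials up
# from the SDK chain (env vars, the named profile below, SSO, or the
# runner's instance/task role). Bootstrap credentials never come from
# Secrets Manager, so there is nothing circular.
provider "aws" {
  region  = "us-east-1"
  profile = "infra" # assumed: a named profile in ~/.aws/config

  # Keep the bootstrap identity minimal and assume a scoped deployment
  # role for the actual provisioning (role name is assumed).
  assume_role {
    role_arn     = "arn:aws:iam::123456789012:role/terraform-deploy"
    session_name = "terraform"
  }
}

# aws_secretsmanager_secret returns metadata only (ARN, id, policy).
# The value itself comes from aws_secretsmanager_secret_version.
data "aws_secretsmanager_secret" "db" {
  name = "prod/app/db" # assumed secret name
}

data "aws_secretsmanager_secret_version" "db" {
  secret_id = data.aws_secretsmanager_secret.db.id
}

locals {
  # Assumed layout: {"username": "...", "password": "..."}
  db = jsondecode(data.aws_secretsmanager_secret_version.db.secret_string)
}

# The secret feeds a resource Terraform creates, not the provider.
resource "aws_db_instance" "app" {
  identifier          = "app-db"
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = local.db["username"]
  password            = local.db["password"]
  skip_final_snapshot = true
}

output "db_endpoint" {
  value = aws_db_instance.app.endpoint
}
```

Two caveats a practitioner should check before using this pattern. First, anything read through a data source, including `secret_string`, is written to the Terraform state file in plaintext, so the state backend must be encrypted and access-restricted (for S3, server-side encryption plus a tight bucket policy). Second, storing "infra_user"'s own access key in Secrets Manager does not reduce its exposure: whoever can read that secret has the same power as the key, so the bootstrap identity should be a role or SSO session with short-lived credentials rather than a long-lived user key.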