Here’s a step-by-step guide to creating an AWS IAM user for use with Terraform, following best practices:
- Create an IAM user in the AWS console
  - Sign in to the AWS Management Console and navigate to the IAM dashboard.
  - In the navigation pane, choose Users, then choose Create user.
  - Type a username for the new user, for example, “terraform-user”.
  - Set permissions for the user (you can attach policies directly or add the user to a group with preconfigured policies).
    - For a simple initial setup, you might consider attaching the AdministratorAccess policy, but it’s recommended to follow the principle of least privilege and grant only the necessary permissions.
    - You can find a list of AWS managed policies and create custom policies to fit your specific needs.
  - Optionally, add tags to the user for organizational purposes.
  - Review the user details and click Create user.
  - After the user is created, open the user summary and switch to the Security Credentials tab > Access keys > Create access key.
  - Under Access key best practices & alternatives, choose Next > Create access key.
  - You’ll be presented with the access key ID and secret access key. Download the `.csv` file containing these credentials and store it securely.
  - Important: This is the only opportunity to view the secret access key. If you lose it, you’ll have to generate new keys.

- Set environment variables
  - Open your terminal or command prompt.
  - Set the environment variables for your AWS credentials and region. You can do this in your shell’s startup script to make them persistent across sessions or set them directly in the current session.

  Linux/macOS:

  ```bash
  export AWS_ACCESS_KEY_ID="your_access_key_id"
  export AWS_SECRET_ACCESS_KEY="your_secret_access_key"
  export AWS_REGION="your_aws_region" # e.g., us-east-1
  ```

  Tip: To avoid storing sensitive data in your bash history, preface the export commands with a space, according to Gruntwork. This only takes effect when `HISTCONTROL` contains `ignorespace` or `ignoreboth`, which most distributions set by default; check with `echo $HISTCONTROL`.

  Windows (Command Prompt):

  ```cmd
  REM cmd.exe has no # comment syntax and keeps quotes as part of the value, so set values unquoted
  set AWS_ACCESS_KEY_ID=your_access_key_id
  set AWS_SECRET_ACCESS_KEY=your_secret_access_key
  REM e.g., us-east-1
  set AWS_REGION=your_aws_region
  ```

  Windows (PowerShell):

  ```powershell
  $env:AWS_ACCESS_KEY_ID="your_access_key_id"
  $env:AWS_SECRET_ACCESS_KEY="your_secret_access_key"
  $env:AWS_REGION="your_aws_region" # e.g., us-east-1
  ```

- Install and configure the AWS CLI (if not already done)
  - Download and install the AWS CLI for your operating system by referring to the official Amazon AWS Documentation.
  - Open your terminal or command prompt and run `aws configure`.
  - (Optional) When prompted, enter your AWS Access Key ID, Secret Access Key, Default region, and Default output format (e.g., `json`).
- Set up the Terraform configuration
  - Create a new directory for your Terraform project (e.g., `mkdir my-terraform-project`).
  - Navigate into the new directory: `cd my-terraform-project`.
  - Create a file named `main.tf` (or any other `.tf` file in the directory).
  - Add the AWS provider block to `main.tf`, specifying the region:

  ```hcl
  terraform {
    required_providers {
      aws = {
        source  = "hashicorp/aws"
        version = "~> 5.0"
      }
    }
  }

  provider "aws" {
    region = "us-east-1" # Replace with your desired AWS region
  }
  ```
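The guide deliberately keeps the access key ID and secret in environment variables and out of `main.tf`. As an added example (not part of the original post), the following Python script scans a Terraform project directory for static AWS credentials that have slipped into `.tf`, `.tfvars`, `.sh` or `.env` files, so it can run as a pre-commit check; the two sample provider blocks, the AKIA/secret values (AWS's own documentation placeholders) and the file suffix list are constructed assumptions.

```python
import re
from pathlib import Path

# Long-term access key IDs start with "AKIA", temporary STS ones with "ASIA",
# each followed by 16 upper-case alphanumerics.
ACCESS_KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# A secret access key is 40 base64-like characters; to limit false positives it is
# only flagged when it sits on the right of an assignment to a secret-looking name.
SECRET_KEY_RE = re.compile(
    r"(?i)(?:aws_secret_access_key|secret_key)\s*[=:]\s*[\"']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)

def scan_text(text, source="<string>"):
    """Return (source, line_no, kind, value) for every credential found in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in ACCESS_KEY_ID_RE.finditer(line):
            findings.append((source, line_no, "access_key_id", m.group(0)))
        for m in SECRET_KEY_RE.finditer(line):
            # Never echo the secret itself; keep a short prefix for triage only.
            findings.append((source, line_no, "secret_access_key", m.group(1)[:4] + "..."))
    return findings

def scan_tree(root, suffixes=(".tf", ".tfvars", ".sh", ".env")):
    """Scan a project directory such as my-terraform-project (suffix list is an assumption)."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix in suffixes:
            findings.extend(scan_text(path.read_text(errors="replace"), str(path)))
    return findings

# Constructed samples: the provider block from the guide (credentials come from the
# environment) beside a variant that hard-codes AWS's documentation placeholder keys.
CLEAN_MAIN_TF = '''provider "aws" {
  region = "us-east-1"
}
'''
LEAKY_MAIN_TF = '''provider "aws" {
  region     = "us-east-1"
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}
'''

if __name__ == "__main__":
    for name, text in (("clean", CLEAN_MAIN_TF), ("leaky", LEAKY_MAIN_TF)):
        for finding in scan_text(text, name):
            print("%s:%d %s %s" % finding)
```

Point `scan_tree` at the project directory from a pre-commit hook and fail the commit when it returns a non-empty list.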
- Initialize Terraform
  - Open your terminal or command prompt in the project directory.
  - Run `terraform init` to initialize the Terraform configuration and download the necessary AWS provider plugin.
- Verify the setup
  - Run `terraform plan` to verify that Terraform can authenticate and access AWS without errors.
  - You should see a plan of the changes that would be applied if you had defined resources in your `main.tf` file.
- (Optional) Clean up
  - If you’ve created any test resources, you can remove them by running `terraform destroy`.
Following these steps will allow you to use Terraform with the newly created AWS IAM user and its credentials. Remember to always prioritize the principle of least privilege for security best practices.