Ale*_*sov 6 amazon-web-services terraform multi-factor-authentication
我想为 Terraform 执行 MFA,因此期望从我的虚拟 MFA 设备中为每个terraform [command]. 阅读文档后:
cli-roles
terraform mfa
我创建了一个角色:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::[ACCOUNT_ID]:user/testuser"
},
"Action": "sts:AssumeRole",
"Condition": {
"Bool": {
"aws:MultiFactorAuthPresent": "true"
}
}
}
]
}
该用户默认强制使用 MFA,我为他配置了虚拟 MFA 设备。
~/.aws/凭证:
[default]
...
[terraform_role]
role_arn = arn:aws:iam::[ACCOUNT_ID]:role/terraform-test-role
source_profile = default
mfa_serial = arn:aws:iam::[ACCOUNT_ID]:mfa/testuser
在我的 Terraform 环境中,我放置了以下内容:
provider "aws" {
profile = "terraform_role"
}
但是当我运行terraform plan它时会抛出一个错误:
Error refreshing state: 1 error(s) occurred:
* provider.aws: No valid credential sources found for AWS Provider.
Please see https://terraform.io/docs/providers/aws/index.html for more information on
providing credentials for the AWS Provider
解决办法是指定一条assume_role语句:
provider "aws" {
profile = "default"
assume_role {
role_arn = "arn:aws:iam::[ACCOUNT_ID]:role/terraform-test-role"
}
}
| 归档时间: |
|
| 查看次数: |
9265 次 |
| 最近记录: |