PGP key in Terraform for aws_iam_user_login_profile

Sug*_*S N 6 amazon-web-services terraform aws-iam

I am new to Terraform and am creating an IAM user with Terraform.

Below is the .tf file:

resource "aws_iam_user" "lb" {
  name = "Ec2_view"

  # path = "/system/"
  # tags = {
  #   tag-key = "tag-value"
  # }
}

resource "aws_iam_access_key" "lb" {
  user = "${aws_iam_user.lb.name}"
}

resource "aws_iam_user_policy" "lb_ro" {
  name = "test"
  user = "${aws_iam_user.lb.name}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}

resource "aws_iam_user_login_profile" "u" {
  user                    = "${aws_iam_user.lb.name}"
  password_reset_required = true
  pgp_key                 = "keybase:terraform_user"
}

output "password" {
  # Base64-encoded, PGP-encrypted password (closing brace of the interpolation restored)
  value = "${aws_iam_user_login_profile.u.encrypted_password}"
}

What does pgp_key mean in aws_iam_user_login_profile, and what are the steps to create a pgp_key and use it in Terraform code?

Sug*_*S N 12

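Got the answer:

  1. Keybase needs to be installed locally
  2. Create a Keybase key using keybase pgp gen
  3. Then provide a reference to this Keybase key in your Terraform code: keybase:username_of_keybase
  4. Then run terraform apply
  5. Then we need to get the decrypted password: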
terraform output -raw password | base64 --decode | keybase pgp decrypt
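
An added example, not part of the original question or answer: the question's configuration with pgp_key also applied to aws_iam_access_key, because without it the secret access key is written to Terraform state in plaintext. The local GnuPG variant (Option B) and the file name terraform_user.gpg are assumptions for illustration.

```hcl
locals {
  # Option A (from the page): public key fetched from Keybase by username.
  pgp_key = "keybase:terraform_user"

  # Option B (assumption: a local GnuPG key instead of Keybase).
  # pgp_key also accepts a base64-encoded binary (non-armored) public key,
  # exported with: gpg --export <key-id> > terraform_user.gpg
  # (terraform_user.gpg is a hypothetical file name)
  # pgp_key = filebase64("${path.module}/terraform_user.gpg")
}

resource "aws_iam_user" "lb" {
  name = "Ec2_view"
}

# Without pgp_key, the "secret" attribute is stored in state in plaintext.
# With pgp_key set, the secret is kept only in encrypted form (encrypted_secret).
resource "aws_iam_access_key" "lb" {
  user    = aws_iam_user.lb.name
  pgp_key = local.pgp_key
}

resource "aws_iam_user_login_profile" "u" {
  user                    = aws_iam_user.lb.name
  password_reset_required = true
  pgp_key                 = local.pgp_key
}

# The access key ID is an identifier, not a secret.
output "access_key_id" {
  value = aws_iam_access_key.lb.id
}

# Both outputs below are base64-encoded PGP ciphertext. Only the holder of
# the private key can read them, using the same pipeline as the answer:
#   terraform output -raw encrypted_secret | base64 --decode | keybase pgp decrypt
# For Option B, replace the last stage with: gpg --decrypt
output "encrypted_secret" {
  value = aws_iam_access_key.lb.encrypted_secret
}

output "password" {
  value = aws_iam_user_login_profile.u.encrypted_password
}
```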