Authentication and Configuration
To connect Terraform to a cloud provider such as AWS, you need to configure the provider and authenticate to it.
Configuration for the AWS Provider can be derived from several sources, which are applied in the following order:
1. Parameters in the provider configuration
2. Environment variables
3. Shared credentials files
4. Shared configuration files
5. Container credentials
6. Instance profile credentials and region
In this demo I walk through the first three of these methods.
First, create an IAM user in the AWS console with Administrative access (or with only the policies the demo needs) and generate an access key for it. You will get an Access key ID and a Secret access key.
Once you have the Access key ID and Secret access key, you can provide them directly in the provider block of the Terraform configuration.
Specify the user details.
Review the user details and click on ‘Create user’.
Then click on ‘terraformUser1’, open ‘Security credentials’, scroll down to ‘Access keys’ and click on ‘Create access key’.
A new window opens. Select ‘Command Line Interface (CLI)’ from the list of options.
Scroll down, tick the confirmation check box and click on ‘Next’.
Enter a description and click on ‘Create access key’.
You will now see the ‘Access key’ and the ‘Secret access key’. Copy them and keep them somewhere safe; the secret access key is shown only once. These are the credentials we will use for authentication.
1. Connect to the AWS provider by parameters in the provider configuration
This is the first method of authentication. Credentials can be provided by adding access_key and secret_key to the aws provider block.
Create a folder on your desktop and give it a name; for this demo I named it ‘authentication_lab’.
Open it in Visual Studio Code.
Create a file called main.tf and write the configuration to create a resource such as an EC2 instance. In the provider block, use the access_key and secret_key of ‘terraformuser1’.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

# Configure the AWS Provider.
# Method 1: the credentials are passed as parameters of the provider block
# (they are hardcoded here on purpose to show the method; see the note below).
provider "aws" {
  region     = "ap-south-1"
  access_key = "AKIAXZ6LNDQOWHDVHNHZ"
  secret_key = "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"
}

# A small EC2 instance, just to prove that the provider can authenticate.
resource "aws_instance" "demoserver" {
  ami           = "ami-0e07dcaca348a0e68"
  instance_type = "t2.micro"
  tags = {
    Name = "appserver"
  }
}
Now run terraform init, terraform plan and terraform apply to check whether you can connect to your cloud provider ‘aws’ and whether the instance gets created.
This is not the best way, though, because the credentials are hardcoded in the configuration file itself, so there is a high risk of the secret leaking (for example when main.tf is committed to version control).
Clean up with terraform destroy before moving on to the next method.
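The leakage risk just described is easiest to manage by catching hardcoded keys before they are applied or committed. The following is an added example (not from the original post): a small POSIX shell check that flags access_key / secret_key string literals and access-key-ID-shaped strings in .tf files. The two sample main.tf files it creates are constructed for the demo and use the placeholder key values from the AWS documentation, not real credentials; the function name and the AKIA pattern are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Scan a directory of Terraform files for hardcoded AWS credentials.
# Assumes POSIX sh with find and grep; the directory is passed as $1.

# scan_tf_for_secrets DIR
# Returns 0 when no .tf file under DIR looks like it embeds AWS credentials,
# 1 when at least one suspicious line is found (the file:line is printed).
scan_tf_for_secrets() {
    dir="$1"
    found=0
    for f in $(find "$dir" -name '*.tf'); do
        # Pattern 1: the provider attributes the post uses for hardcoding,
        # assigned a string literal (a reference such as var.x is not flagged).
        if grep -n -E '^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"' "$f"; then
            found=1
        fi
        # Pattern 2: the shape of an AWS access key ID (AKIA + 16 upper-case alphanumerics),
        # wherever it appears in the file.
        if grep -n -E 'AKIA[0-9A-Z]{16}' "$f"; then
            found=1
        fi
    done
    return $found
}

# --- constructed demo input; the key values are the AWS documentation
# --- placeholder keys, not real credentials ---
demo=$(mktemp -d)
mkdir -p "$demo/bad" "$demo/good"
cat > "$demo/bad/main.tf" <<'EOF'
provider "aws" {
  region     = "ap-south-1"
  access_key = "AKIAIOSFODNN7EXAMPLE"
  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
}
EOF
cat > "$demo/good/main.tf" <<'EOF'
provider "aws" {
  region  = "ap-south-1"
  profile = "terraformprofile"
}
EOF

if scan_tf_for_secrets "$demo/bad"; then
    echo "bad/: clean"
else
    echo "bad/: hardcoded credentials found, do not apply or commit"
fi
if scan_tf_for_secrets "$demo/good"; then
    echo "good/: clean"
else
    echo "good/: hardcoded credentials found"
fi
```

Run it as `scan_tf_for_secrets .` from the root of a Terraform project, for example in a pre-commit hook or a CI step; a non-zero exit stops the pipeline before the key reaches a repository.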
2. Environment variables
Credentials can be provided using the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables (and AWS_REGION for the region).
For example:
On Linux or macOS use the ‘export’ command:
$ export AWS_ACCESS_KEY_ID="AKIAXZ6LNDQOWHDVHNHZ"
$ export AWS_SECRET_ACCESS_KEY="Pzrztq4Trgo3ld7Ge0A6z6tL+h3QF7W61gPrJysb"
$ export AWS_REGION="ap-south-1"
On Windows (Command Prompt) use ‘set’, without quotes, because cmd would store the quotes as part of the value:
> set AWS_ACCESS_KEY_ID=AKIAXZ6LNDQOWHDVHNHZ
> set AWS_SECRET_ACCESS_KEY=Pzrztq4Trgo3ld7Ge0A6z6tL+h3QF7W61gPrJysb
> set AWS_REGION=ap-south-1
In PowerShell the equivalent is $env:, for example:
> $env:AWS_ACCESS_KEY_ID = "AKIAXZ6LNDQOWHDVHNHZ"
These variables exist only in the current terminal session. If you close the terminal, you need to set them again.
3. Shared credentials files
The AWS Provider can also get credentials from the shared configuration and credentials files. On Linux and macOS these are located by default at “$HOME/.aws/config” and “$HOME/.aws/credentials”; on Windows they live in the .aws folder of your user profile directory.
If no named profile is specified, the “default” profile is used.
Now, in the Terraform configuration in main.tf, instead of hardcoding ‘access_key’ and ‘secret_key’, just insert profile = “terraformprofile” (a profile with that name must exist in the credentials file).
Now run terraform init, terraform plan and terraform apply again to check whether you can connect to ‘aws’ and whether the instance gets created.
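What the profile-based setup looks like end to end, as an added example that is not part of the original post: a POSIX shell helper that writes a [terraformprofile] section into a shared credentials file, keeps that file owner-readable only (0600), and writes a main.tf that refers to the profile by name instead of carrying keys. The function names, the throwaway directory and the key values (the AWS documentation placeholder keys, not real credentials) are this example's own assumptions. In real use the file is $HOME/.aws/credentials, or you point the provider at another path with the AWS_SHARED_CREDENTIALS_FILE environment variable.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Create a named AWS profile and a provider block that uses it (method 3).
# Assumes POSIX sh; all paths below are in a temporary directory.

# add_aws_profile FILE NAME KEY_ID SECRET
# Appends a [NAME] section to FILE unless one already exists, and restricts
# the file to its owner, which is how credential files should be kept.
add_aws_profile() {
    file="$1"; name="$2"; key_id="$3"; secret="$4"
    mkdir -p "$(dirname "$file")"
    touch "$file"
    chmod 600 "$file"
    if grep -q "^\[$name\]" "$file"; then
        return 0        # profile already present: idempotent
    fi
    printf '[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
        "$name" "$key_id" "$secret" >> "$file"
}

# write_provider_tf FILE PROFILE REGION
# Writes the provider block the way section 3 describes: a profile name,
# no access_key / secret_key in the Terraform configuration.
write_provider_tf() {
    cat > "$1" <<EOF
provider "aws" {
  region  = "$3"
  profile = "$2"
}
EOF
}

# profile_in_file FILE NAME -> exit 0 if the profile section exists
profile_in_file() {
    grep -q "^\[$2\]" "$1"
}

# --- demo in a throwaway directory; placeholder keys from the AWS docs ---
work=$(mktemp -d)
creds="$work/credentials"
add_aws_profile "$creds" terraformprofile AKIAIOSFODNN7EXAMPLE wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# calling it again does not duplicate the section
add_aws_profile "$creds" terraformprofile AKIAIOSFODNN7EXAMPLE wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
write_provider_tf "$work/main.tf" terraformprofile ap-south-1

echo "credentials file: $creds"
cat "$creds"
echo "main.tf:"
cat "$work/main.tf"
# To make Terraform use this file instead of \$HOME/.aws/credentials:
#   export AWS_SHARED_CREDENTIALS_FILE="$creds"
```

The point of the 0600 permission and of the idempotent append is that the credentials file is the only place the secret lives; main.tf can now be committed without carrying key material, and rotating the key means editing one section in that file.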
If credentials are provided in all of the ways above, Terraform uses them in the order given at the top: it checks the parameters in the provider configuration first, then the environment variables, then the shared credentials files, and so on.
Happy Learning :)