Use AWS CLI native config for credentials #266

Closed
robparrott opened this issue Sep 5, 2014 · 10 comments

@robparrott

The AWS CLI uses a standard way of configuring credentials, via an INI file in ~/.aws/config. For convenience and compatibility, terraform could populate the provider attributes from these settings when not explicitly set. This would allow an easy transition from the AWS CLI tools, and encourage users to keep credentials out of their code (!!!)

This should also honor the various ENV vars that point to the proper config file (AWS_CONFIG_FILE) and enable multiple profiles.

@mitchellh
Contributor

Agreed. Tagged.

@BRMatt

BRMatt commented Jan 15, 2015

@robparrott @mitchellh I've started a rough implementation of this in #801.

Do you think it's worth loading info from both ~/.aws/credentials and ~/.aws/config? It looks like the CLI tools default to storing access/secret keys in credentials, and it seems the only other relevant config option in config is region.

Admittedly I've not used terraform that much, but it seems like region would be best configured in the terraform config files so that by default teams create all their infrastructure in the same region.

Thoughts?

EDIT: It seems Amazon recommend that third parties use ~/.aws/credentials and ignore ~/.aws/config.

BRMatt added a commit to BRMatt/terraform that referenced this issue Mar 1, 2015
This change also ensures that legacy env vars (AWS_ACCESS_KEY,
AWS_SECRET_KEY) have precedence over the official aws-cli variation, and
that both types of env var have precedence over settings in the
credentials file.

Note that this change technically supports different AWS credential
profiles via the AWS_PROFILE env variable. The goamz library handles
this.

see
 - hashicorp#266
 - hashicorp#866
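
The precedence the commit message above describes (legacy env vars, then the aws-cli env vars, then the credentials file, with `AWS_PROFILE` selecting the section), as an added Go example; it is not part of the thread and is not the code from the referenced commit, goamz or aws-sdk-go. `Creds`, `Resolve`, `parseProfile` and `sampleINI` are hypothetical names, the file contents are constructed placeholders, and the aws-cli variable names are assumed to be `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.

```go
package main

import (
	"fmt"
	"strings"
)

// Creds is a resolved key pair plus its origin, so logs can name the source.
type Creds struct{ AccessKey, SecretKey, Source string }

// Constructed sample credentials file; every value is a placeholder.
const sampleINI = "[default]\naws_access_key_id = FILE_DEFAULT_ID\naws_secret_access_key = s1\n" +
	"# comment\n[myprofile]\naws_access_key_id = FILE_PROFILE_ID\naws_secret_access_key = s2\n"

// parseProfile returns the key/value pairs of one [section] of INI text.
func parseProfile(ini, profile string) map[string]string {
	kv, in := map[string]string{}, false
	for _, line := range strings.Split(ini, "\n") {
		line = strings.TrimSpace(line)
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			in = strings.TrimSpace(line[1:len(line)-1]) == profile
		} else if p := strings.SplitN(line, "=", 2); in && len(p) == 2 && !strings.HasPrefix(line, "#") {
			kv[strings.TrimSpace(p[0])] = strings.TrimSpace(p[1])
		}
	}
	return kv
}

// Resolve applies the commit's order: legacy env, aws-cli env, then the AWS_PROFILE file section.
func Resolve(env map[string]string, ini string) (Creds, error) {
	for _, p := range [][2]string{{"AWS_ACCESS_KEY", "AWS_SECRET_KEY"}, {"AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"}} {
		if env[p[0]] != "" && env[p[1]] != "" { // a half-set pair is skipped, never mixed
			return Creds{env[p[0]], env[p[1]], "env:" + p[0]}, nil
		}
	}
	profile := env["AWS_PROFILE"]
	if profile == "" {
		profile = "default"
	}
	kv := parseProfile(ini, profile)
	if kv["aws_access_key_id"] == "" || kv["aws_secret_access_key"] == "" {
		return Creds{}, fmt.Errorf("no credentials for profile %q", profile)
	}
	return Creds{kv["aws_access_key_id"], kv["aws_secret_access_key"], "file:" + profile}, nil
}

func main() {
	c, err := Resolve(map[string]string{"AWS_PROFILE": "myprofile"}, sampleINI)
	fmt.Println(c.AccessKey, c.Source, err) // print the source, never the secret
}
```

Recording `Source` alongside the key ID makes it possible to tell, when a run uses an unexpected identity, whether a stray environment variable overrode the shared credentials file.
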
@jszwedko
Contributor

It looks like this is already built into goamz/aws. Even though packer prompted for credentials, if I just hit enter it was still able to connect correctly.

@catsby
Contributor

catsby commented May 5, 2015

We're using the awslabs/aws-sdk-go library, which picks up these things by default now, so I'm going to close this.

@catsby catsby closed this as completed May 5, 2015
@jjshoe

jjshoe commented Jun 18, 2015

This doesn't work, but looks like #2235 should take care of it.

@rprieto

rprieto commented Nov 4, 2015

Hi, any update on this? I agree it should just work thanks to aws-sdk-go, but doesn't seem to:

$ echo $AWS_PROFILE
myprofile
$ terraform apply
provider.aws.access_key
* Error configuring aws: access_key: interrupted

Unless I'm missing something?

I agree with the comment on #2235, Packer works well with AWS profiles which is great. No need for storing separate credentials - you can simply use the same mechanism as the AWS CLI tools, e.g.

export AWS_PROFILE=myprofile
packer build packer.json
aws ec2 describe-images --owners self

@inferiorhumanorgans

Looks like there's some overlap with #2235 -- has there been any progress on this? It would be nice to see parity with packer (and many other AWS tools). Specifically, being able to load the credentials out of the ~/.aws/credentials file instead of having to manually extract them and set an environment variable would be very nice (ex: no more putting credentials in your shell's history).

@brainstorm

Totally +1 on this. As a newcomer to terraform, I find the initial "put your credentials here" quite off-putting, even if they can be stored in variables as mentioned in the quickstart:

https://www.terraform.io/intro/getting-started/build.html
https://www.terraform.io/intro/getting-started/variables.html

I want to have my credentials all in one place instead of copied over different formats that terraform (or potentially other software) can understand.

@kiefersmith

Seems like having credentials in one place instead of 2+ would be more secure too.

@ghost

ghost commented Apr 3, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 3, 2020