Use AWS CLI native config for credentials #266
Comments
|
Agreed. Tagged. |
|
@robparrott @mitchellh I've started a rough implementation of this in #801. Do you think it's worth loading info from both Admittedly I've not used terraform that much, but it seems like Thoughts? EDIT: It seems Amazon recommend that third parties use |
This change also ensures that legacy env vars (AWS_ACCESS_KEY, AWS_SECRET_KEY) have precedence over the official aws-cli variation, and that both types of env var have precedence over settings in the credentials file. Note that this change technically supports different AWS credential profiles via the AWS_PROFILE env variable. The goamz library handles this. see - hashicorp#266 - hashicorp#866
|
It looks like this is already built into |
|
We're using the awslabs/aws-sdk-go library, which picks up these things by default now, so I'm going to close this |
|
This doesn't work, but looks like #2235 should take care of it. |
|
Hi, any update on this? I agree it should just work thanks to $ echo $AWS_PROFILE
myprofile
$ terraform apply
provider.aws.access_key
* Error configuring aws: access_key: interruptedUnless I'm missing something? I agree with the comment on #2235, Packer works well with AWS profiles which is great. No need for storing separate credentials - you can simply use the same mechanism as the AWS CLI tools, e.g. export AWS_PROFILE=myprofile
packer build packer.json
aws ec2 describe-images --owners self |
|
Looks like there's some overlap with #2235 -- has there been any progress on this? It would be nice t see parity with packer (and many other AWS tools). Specifically, being able to load the credentials out of the ~/.aws/credentials file instead of having to manually extract them and set an environment variable would be very nice (ex: no more putting credentials in your shell's history). |
|
Totally +1 on this. As a newcomer to terraform, I find the initial "put your credentials here" quite off-putting, even if they can be stored in variables as mentioned in the quickstart: https://www.terraform.io/intro/getting-started/build.html I want to have my credentials all in one place instead of copied over different formats that terraform (or potentially other software) can understand. |
|
Seems like having credentials in one place instead of 2+ would be more secure too. |
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
ghost
locked and limited conversation to collaborators
The AWS CLI uses a standard way of configuring credentials, via an INI file in
~/.aws/config. For convenience and compatibility, terraform could populate the provider attributes from these settings when not explicitly set. This would allow an easy transition from the AWS cli tools, and encourage users to keep credentials out of their code (!!!)This should also honor the various ENV vars that point to the proper config file (AWS_CONFIG_FILE) and enable multiple profiles.
The text was updated successfully, but these errors were encountered: