AWS Provider: support ~/.aws/config

[cjeanneret]

Hello,

Currently, aws provider supports the "profile" setting, allowing to pass directly a profile instead of the access keys. That works well.
Apparently, it directly goes in the ~/.aws/credentials file in order to take the matching authentication information. The file format is as follow:

[profile_name1]
aws_access_key_id= ....
aws_secret_access_key = ...
[profile_name2]
aws_access_key_id= ....
aws_secret_access_key = ...

So far, so good, it just works.

Now, there's a second file in ~/.aws directory: config.
This one has a small difference regarding its structure and information:

[profile profile_name1]
region = eu-west-1
[profile profile_name2]
region = us-west-1

As you might guess, credentials shouldn't be in that file, but there are other stuff, like the region.
Currently, when we use the AWS provider, we ask the user for the profile name in order to get the credentials, but we still have to fix the region on the tf file.

It would be great if Terraform could take advantage of the ~/.aws/config file as well in order to find the region and, maybe, other specificities we might put in there in order to auto-complet the provider configuration.

Apparently, there are a lot of possibilities, and that would also allow to set the "region" to non-required, like the profile and access keys.

Thank you!

Cheers,

C.

[bellkev]

I'm seeing this too. It looks like

terraform/builtin/providers/aws/provider.go

Lines 59 to 62 in 1bd8b44

	DefaultFunc: schema.MultiEnvDefaultFunc([]string{
	"AWS_REGION",
	"AWS_DEFAULT_REGION",
	}, nil),

only handles env vars, so "or via a shared credentials file if profile is specified." in the docs is currently inaccurate for AWS region.

[levenaux]

I think this could be related to #6819

[syedaali]

+1 on Terraform reading region from AWS config file for the 'provider' loop instead of hard coding it in the Terraform file, or inputting as a variable through some other means. Right now I am doing something like this:

provider "aws" {
profile = "${var.awsprofile}"
region = "us-west-2"
}

I would like to be able to do:

provider "aws" {
profile = "${var.awsprofile}"
region = "${var.awsprofile.region}"
}

My AWS config file looks like this:

[profile my_aws_profile_name]
output=json
region=us-west-2

[evanstachowiak]

For what it's worth, this also makes the "aws_region" data source useless (which would have been great to use). Trying to use the provider with the aws_region data source results in a cycle:
* Cycle: provider.aws, data.aws_region.current

[craiglink]

just submitted this pull request to add support for .aws/config - #11734

[sirditschonweg]

Hello everybody,
I'm trying to install a server by Terraform automatically and then to raise the domain.
Everything works but I can not find the point Domain Join.
Thank you for any idea.
greeting
Jan

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.