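How to configure AWS MFA for Terraform?

I want to enforce MFA for Terraform, so it should ask for the 6-digit token from my virtual MFA device for every terraform [command].
After reading the documentation: cli-roles terraform mfa I created a role: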
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::[ACCOUNT_ID]:user/testuser"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "true"
        }
      }
    }
  ]
}
The user is forced to use MFA by default, and I have a configured virtual MFA device for him.
~/.aws/credentials:
[default]
...
[terraform_role]
role_arn = arn:aws:iam::[ACCOUNT_ID]:role/terraform-test-role
source_profile = default
mfa_serial = arn:aws:iam::[ACCOUNT_ID]:mfa/testuser
In my Terraform environment I put the following:
provider "aws" {
  profile = "terraform_role"
}
But when I run terraform plan it throws me an error:
Error refreshing state: 1 error(s) occurred:
* provider.aws: No valid credential sources found for AWS Provider.
Please see https://terraform.io/docs/providers/aws/index.html for more information on
providing credentials for the AWS Provider
Did you create a '.config' file describing the profile? – Malice
@Malice In my '~/.aws/config' file I only have '[default] region = us-east-1 output = json' as contents –
You need to create a new profile for 'terraform_role' – Malice
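
One way to satisfy the `aws:MultiFactorAuthPresent` condition in the trust policy above is to call `sts:AssumeRole` with the MFA serial and token before Terraform starts, and pass the temporary credentials through environment variables. This is an added example, not part of the original thread; the function names `assume_role_mfa` and `tf_mfa` are hypothetical, the account id is a constructed placeholder, and the AWS CLI and `terraform` are assumed to be on `PATH`.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
ACCOUNT_ID="${ACCOUNT_ID:-123456789012}"   # constructed placeholder account id
ROLE_ARN="arn:aws:iam::${ACCOUNT_ID}:role/terraform-test-role"
MFA_SERIAL="arn:aws:iam::${ACCOUNT_ID}:mfa/testuser"

# assume_role_mfa TOKEN
# Calls sts:AssumeRole with the MFA serial and token, so the request satisfies
# aws:MultiFactorAuthPresent, then exports the temporary credentials.
assume_role_mfa() {
    mfa_token="$1"
    case "$mfa_token" in
        [0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "MFA token must be exactly 6 digits" >&2; return 2 ;;
    esac
    # --output text prints the three selected fields tab-separated on one line
    creds=$(aws sts assume-role \
        --profile default \
        --role-arn "$ROLE_ARN" \
        --role-session-name "terraform-$(date +%Y%m%dT%H%M%S)" \
        --serial-number "$MFA_SERIAL" \
        --token-code "$mfa_token" \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
        --output text) || return 1
    read -r key_id secret session <<EOF
$creds
EOF
    [ -n "$key_id" ] && [ -n "$secret" ] && [ -n "$session" ] || {
        echo "unexpected output from aws sts assume-role" >&2; return 1; }
    export AWS_ACCESS_KEY_ID="$key_id" AWS_SECRET_ACCESS_KEY="$secret" \
           AWS_SESSION_TOKEN="$session"
}

# tf_mfa ARGS...
# Prompts for the token, then runs terraform in a subshell so the temporary
# credentials do not persist in the calling shell.
tf_mfa() {
    printf 'MFA token for %s: ' "$MFA_SERIAL" >&2
    read -r token || return 1
    ( assume_role_mfa "$token" && terraform "$@" )
}
```

Source the file and run `tf_mfa plan`. This assumes the provider block does not set `profile`, so that the AWS provider takes its credentials from the environment variables.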