How to Create AWS IAM User-Profile in Terraform

Here are commands to make available IAM profile in Terraform. Terraform acts can code for infrastructure. Apart from Terraform, you can also use Python for infrastructure automation.

Workflow for Terraform API call to AWS

Terraform interacts through API calls. Below is the Terraform workflow that tells how it is.

How the Terraform interacts with AWS
How the Terraform interacts with AWS

Commands to execute Terraform code

  1. Write Terraform configuration files.
  2. Configure the AWS provider.
  3. Initialize Terraform with terraform init.
  4. Deploy the EC2 instance with terraform apply.
  5. Clean up with terraform destroy.

How to add user to IAM console

It is possible adding the user profile in AWS in two ways. One is in the management console, and the other method is in CLI and add to Terraform.

  1. Sign in to the IAM console, and choose Add User.
  2. Select the check box for AWS Management Console access, select Custom Password, and type in your new password.
  3. On the Permissions page, either directly attach the AdministratorAccess policy or add the user to a group that already has this policy.

Under the Security Credentials tab, you can then create access keys to authenticate against AWS service APIs. You can either set these directly as environment variables (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) place them in an AWS config file. If you choose the second option, you will first need to install the AWS CLI.

Click to read how to install AWS CLI.

Command to update configuration file

The following sample code configures credentials via the CLI. Replace the access keys and region with your own:

$ aws configure-profile tf-user1
AKIAIOSFODNN7EXAMPLE # access key
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY # security key
Default region name [None]: us-west-2
Default output format [None]: json
The credentials are stored in credentials file:


[tf-user1]
output = json
region = us-west-2
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

Command to make available AWS Profile in Terraform

Now that you’ve obtained credentials and stored them in a profile, you can use them in Terraform. You can do this by declaring a provider block:


r "aws" {
  profile = "tf-user1"
}

Now the new IAM user can access the AWS.

Related

References

Author: Srini

Experienced software developer. Skills in Development, Coding, Testing and Debugging. Good Data analytic skills (Data Warehousing and BI). Also skills in Mainframe.