David Ficociello

Reputation: 2819

Terraform AWS credentials file not found

In reading the docs over at Terraform it says there are 3 options for finding AWS credentials:

  1. Static credentials (embedded in the source file)
  2. Environment variables.
  3. From the AWS credentials file

I am trying to have my setup just use the credential file. I've checked that the environment variables are cleared and I have left the relevant variables in Terraform blank.

When I do this and run 'Terraform Plan' I get the error:

No Valid credential sources found for AWS Provider.

I've even tried adding the location of my credentials file into my provider block and that didn't help either:

provider "aws" {
    region  = "${var.region}"
    profile = "${var.profile}"
    shared_credentials_file = "/Users/david/.aws/credentials"
    profile = "testing"
}

Is there something I'm missing to get Terraform to read this file and not require environment variables?

Upvotes: 21

Views: 61871

Answers (6)

ArtEm

Reputation: 947

In ~/.aws/credentials

[your_profile_name]
aws_access_key_id = XXX
aws_secret_access_key = XXX

In main.tf

provider "aws" {
  region = "us-east-1"
  profile = "your_profile_name"
}

In variables.tf

variable "aws_credentials_path" {
  description = ".aws/credentials"
  default     = "~/.aws/credentials"
}

$ terraform init

Upvotes: 0

Mehdi LAMRANI

Reputation: 11597

If you just need a very quick fix without setting Terraform, as suggested in a comment, just type this in your terminal:

export AWS_ACCESS_KEY_ID="xxxxxxxxxxxxx" 
export AWS_SECRET_ACCESS_KEY="xxxxxxxxxxxxxxxxxxxxxxxxxx" 
export AWS_DEFAULT_REGION="your-region-1"

Upvotes: 3

P i

Reputation: 30734

(Terraform v0.14.2, macOS 11.0.1)

I needed to do:

AWS_ACCESS_KEY_ID=... AWS_SECRET_ACCESS_KEY=... terraform plan

Which was strange to me, because my ~/.aws is in order, as are my .tf-s. ¯_(ツ)_/¯

Upvotes: 1

Peter Roth

Reputation: 104

I just had this same problem with terraform aws provider (2.12.0) and this is how I solved it.

In my case the provider couldn't handle that my default profile in $HOME/.aws/credentials did NOT have my access key and secret but it had a "source_profile" in it instead. It seems the terraform aws provider cannot handle this (yet this works for Java SDK and AWS CLI just fine since I've had this setup for a while now).

Here is what I had that didn't work, notice the default profile has a role_arn and source_profile:

[default]
role_arn = arn:aws:iam::<ACCT_ID>:role/readonly
source_profile = account
region = us-east-1

[other-profile]
role_arn = arn:aws:iam::<ACCT_ID>:role/other-role
source_profile = account
region = us-east-1

[account]
region = us-east-1
aws_access_key_id=****
aws_secret_access_key=****

I changed it to the following which resulted in the aws provider working for me. Notice I consolidated two profiles into the "default" profile:

[other-profile]
role_arn = arn:aws:iam::<ACCT_ID>:role/other-role
source_profile = default
region = us-east-1

[default]
region = us-east-1
aws_access_key_id=****
aws_secret_access_key=****
role_arn = arn:aws:iam::<ACCT_ID>:role/readonly
source_profile = default

This seems to work fine for the AWS CLI (defaults to the readonly role and supports switching to "other-profile") as well as allowing terraform to read credentials correctly.

Upvotes: 0

David Ficociello

Reputation: 2819

To get multiple profiles to work with Terraform make sure that you supply the

aws_access_key_id 

piece to your profile declaration. Each profile should look like this:

[profile_name]
aws_access_key=*****
aws_secret_access_key=*****
aws_access_key_id=*****

Technically you don't even need the aws_access_key as it seems the id version is what the underlying aws cli needs. Maybe it was me, but that was never clear in the documents I read.

Upvotes: 2

Baskar

Reputation: 1645

I tested with Terraform v0.6.15 and it's working fine.

Issue must be with the profile. Check the following.

1. Remove 2 profile tags from your provider.

provider "aws" {
  region  = "${var.region}"
  shared_credentials_file = "/Users/david/.aws/credentials"
  profile = "testing"
}

2. Make sure your credentials file /Users/david/.aws/credentials is in the below format, where testing is the profile you are specifying in provider "aws"

[testing]
aws_access_key_id = *****
aws_secret_access_key = *****

Upvotes: 14
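
The answers above point at several distinct causes: a missing profile section, a misnamed or missing key, a profile that only chains to `source_profile`, and environment variables taking precedence. The following diagnostic is an added example, not code from any poster or from Terraform, and it does not reproduce the provider's own lookup logic. `check_profile` and `env_overrides` are hypothetical helper names and the sample file content is constructed.

```python
import configparser
import os
import stat
import tempfile

REQUIRED = ("aws_access_key_id", "aws_secret_access_key")
ENV_VARS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN",
            "AWS_PROFILE", "AWS_SHARED_CREDENTIALS_FILE")

def env_overrides(env=os.environ):
    """Names (never values) of AWS variables that are set and may take precedence."""
    return [name for name in ENV_VARS if env.get(name)]

def check_profile(path, profile):
    """Return findings that explain why [profile] in path yields no static keys."""
    path = os.path.expanduser(path)
    if not os.path.isfile(path):
        return [f"credentials file not found: {path}"]
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:  # secrets should be owner-only
        findings.append(f"file mode {mode:04o} is accessible beyond the owner; use 0600")
    cfg = configparser.RawConfigParser(default_section="__unused__")
    try:
        cfg.read(path)
    except configparser.Error as exc:  # e.g. a line with no '=' separator
        return findings + [f"file does not parse as INI: {type(exc).__name__}"]
    if not cfg.has_section(profile):
        return findings + [f"no [{profile}] section; file has {cfg.sections()}"]
    keys = dict(cfg.items(profile))
    for name in REQUIRED:
        if not keys.get(name):
            findings.append(f"[{profile}] has no {name}")
    if "aws_access_key" in keys and "aws_access_key_id" not in keys:
        findings.append("found aws_access_key; the key name is aws_access_key_id")
    if "source_profile" in keys and not keys.get("aws_access_key_id"):
        findings.append(f"[{profile}] only points at source_profile={keys['source_profile']}")
    return findings

if __name__ == "__main__":
    # Constructed sample mirroring the role-only [default] layout from the thread.
    sample = "[default]\nrole_arn = arn:aws:iam::<ACCT_ID>:role/readonly\nsource_profile = account\n"
    with tempfile.NamedTemporaryFile("w", suffix=".ini", delete=False) as fh:
        fh.write(sample)
    os.chmod(fh.name, 0o600)
    for finding in check_profile(fh.name, "default"):
        print(finding)
    print("environment overrides:", env_overrides())
    os.unlink(fh.name)
```

The script reports key names and section names only, so its output can be pasted into a ticket without exposing the secret values.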
