Hello lad
Reputation: 18790
Terraform can bypass MFA constraint on AWS IAM
I use Terraform to manage AWS Resources.
Terraform calls an administrative IAM User who has been MFA locked. But the terraform apply and terraform destroy commands from my local computer succeed without inputting a unique authentication code.
So, does Terraform bypass the multi-factor authentication?
Upvotes: 4
Views: 1726
Answers (1)
ITAdminNC
Reputation: 219
Terraform is usually setup using API credentials. By default, MFA does not apply to API calls. You should setup and assume a role provisioned exclusively for this if you would like to enable multi-factor authentication on API calls for specific requests (TerminateInstances for example).
For more information, see:
AWS Blog: How to Enable MFA Protection on Your AWS API Calls
Upvotes: 6
Related Questions
- How do I configure AWS MFA for Terraform?
- Azure: How to setup multi factor authentication policy in Azure using Terraform?
- Terraform unable to assume roles with MFA enabled
- Unable to use terraform with AWS IAM role with MFA configuration
- multiple iam users in terraform
- How to create AWS IAM service account with access and secret keys using terraform
- multiple IAM user creation in terraform
- Terraform - AWS permission boundary using IAM variables for multi account
- Terraform aws_instance specify login credentials
- Use IAM role instead of credentials to create aws resource from an EC2 instance using terraform