Reputation: 347
Looking to run Terraform using IAM roles in AWS, removing access/shared keys etc. Am I doing this right, something feels a bit odd.
So I have my aws_provider.tf
provider "aws" {
  region = "${var.aws_region}"
  assume_role {
    role_arn = "${var.aws_terraform_admin_role}"
  }
}
Unless I actually give my EC2 instance running Terraform that role, it won't work.
Am I missing something here? I am thinking on the AWS side and IAM roles. Shouldn't Terraform be able to assume the IAM role without the EC2 instance being assigned it? Do I need to create another role to allow switching between roles?
Or is this as it should be?
Thanks
Upvotes: 0
Views: 794
Reputation: 5065
Your EC2 instance needs an instance role that gives it rights to assume the role you want to use for Terraform. For example:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Statement11111",
      "Effect": "Allow",
      "Action": "sts:AssumeRole",
      "Resource": "arn:aws:iam::11111111111:role/TerraformRole"
    }
  ]
}
Upvotes: 1
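To make the whole chain concrete, here is an added example (not code from the question or the answer above) that builds both halves in Terraform 0.12+ syntax: the instance role the EC2 box runs under, the permission on that role to call sts:AssumeRole, and the trust policy on the target role that names the instance role as an allowed principal. The answer shows only the permission half; the trust half is the one most often forgotten, and without it the AssumeRole call is denied even though the caller's policy allows it. The provider's assume_role block never works without some base credential, and on EC2 that base credential is the instance profile read from the instance metadata service. The account id 123456789012, the role names terraform-runner and TerraformRole, and the policy attached to TerraformRole are placeholders I chose for the example.

```hcl
# Added example, not from the original post. Assumes Terraform 0.12+ and that
# this configuration is applied with credentials allowed to manage IAM.
variable "account_id" {
  default = "123456789012" # placeholder account id
}

# 1. Role that the EC2 instance itself runs under (attached via an instance profile).
data "aws_iam_policy_document" "ec2_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "runner" {
  name               = "terraform-runner" # placeholder name
  assume_role_policy = data.aws_iam_policy_document.ec2_trust.json
}

resource "aws_iam_instance_profile" "runner" {
  name = "terraform-runner"
  role = aws_iam_role.runner.name
}

# 2. The only permission the instance role needs: assume TerraformRole.
#    Keeping the instance role this narrow means a compromised box holds
#    no standing privileges of its own.
data "aws_iam_policy_document" "allow_assume" {
  statement {
    actions   = ["sts:AssumeRole"]
    resources = ["arn:aws:iam::${var.account_id}:role/TerraformRole"]
  }
}

resource "aws_iam_role_policy" "allow_assume" {
  name   = "assume-terraform-role"
  role   = aws_iam_role.runner.id
  policy = data.aws_iam_policy_document.allow_assume.json
}

# 3. The target role must trust the instance role. Without this statement
#    sts:AssumeRole fails with AccessDenied regardless of step 2.
data "aws_iam_policy_document" "terraform_role_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = [aws_iam_role.runner.arn]
    }
  }
}

resource "aws_iam_role" "terraform" {
  name               = "TerraformRole"
  assume_role_policy = data.aws_iam_policy_document.terraform_role_trust.json
}

# Placeholder permissions for the Terraform role; scope this to what your
# Terraform actually manages rather than granting full administrator access.
resource "aws_iam_role_policy_attachment" "terraform_permissions" {
  role       = aws_iam_role.terraform.name
  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}

# 4. The instance running Terraform gets the instance profile from step 1,
#    and its provider block assumes TerraformRole, exactly as in the question.
#    (aws_instance arguments other than the profile omitted for brevity.)
#
# resource "aws_instance" "runner" {
#   iam_instance_profile = aws_iam_instance_profile.runner.name
#   ...
# }
#
# provider "aws" {
#   region = var.aws_region
#   assume_role {
#     role_arn = aws_iam_role.terraform.arn
#   }
# }
```

A quick check from the instance that the chain works, before running Terraform at all: `aws sts get-caller-identity` should report the terraform-runner role, and `aws sts assume-role --role-arn arn:aws:iam::123456789012:role/TerraformRole --role-session-name test` should return temporary credentials rather than AccessDenied. If the second call fails, look at the trust policy on TerraformRole first; if the first call fails, the instance has no profile attached. Every assumption made by TerraformRole also shows up in CloudTrail as an AssumeRole event with the instance role as the caller, which is the audit trail you gain over a long-lived access key.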