Error using aws s3 as version control using terraform

Question

I am trying to setup s3 as a version control system using terraform. However, I keep getting errors. I have tried defining profile and access key, secret key in my code. However, I still face the issue. How can I bypass the error? I am using Terraform v0.14.4. I am pretty much new to the terraform.

Is there something wrong with the syntax I use for the version I'm using?

Below is the code and underneath is the error that I am getting.

provider "aws" {
 region = "us-east-1"
 profile = "Default"
 aws_access_key_id = "#############"
 aws_secret_access_key = "#####################"
}

 terraform {
 backend "s3" {
 bucket = "mybucket_test998"
 key    = "terraorm.tfstate"
 region = "us-east-1"
 }
}


$ sudo terraform init

Initializing the backend...

Error: error configuring S3 Backend: no valid credential sources for S3 Backend found.

Please see https://www.terraform.io/docs/backends/types/s3.html for more information about providing credentials.

Error: NoCredentialProviders: no valid providers in chain. > Deprecated. For verbose messaging see aws.Config.CredentialsChainVerboseErrors

Answer 1

Here the issue is because , you have mentioned the "Profile" in "Provider" , but not defining \ asking S3 bucket to use same profile to pick the credentials. please try defining same profile under S3 bucket as well and that would resolve the issue. code should like below.

provider "aws" {
region = "us-east-1"
profile = "Default"
aws_access_key_id = "#############"
aws_secret_access_key = "#####################"
}

terraform {
backend "s3" {
bucket = "mybucket_test998"
key    = "terraorm.tfstate"
region = "us-east-1"
profile = "Default"
}
}


$ sudo terraform init

Answer 2

I got the exact same error even after implementing @Nick's solution. Turns out that I had put my credentials properly in my .aws/credentials file as required, but I hadn't yet saved the file ... a stupid mistake, easily remedied.

Answer 3

You need to add the profile in the second statement in your code and that should fix it if your IAM credentials have access to S3:

 terraform {
 backend "s3" {
 bucket = "mybucket_test998"
 key    = "terraorm.tfstate"
 region = "us-east-1"
 profile = "myprofilenamegoeshere"
 }
}

Now, that being said the code as you have defined is not secure. If you use version control and push yout terraform code to a repo, your access keys will be stored in it, thus you can unintentionally share them publicly on the Internet and risk malicious use.

I would recommend you to use shared_credentials_file which defaults to ~/.aws/credentials.

An easy way to configure your credentials is to use the command aws configure.

As pointed out, after you do so, terraform will read them from there automatically.