Reputation: 165
Terraform provider for AWS: refreshing token for assume_role
How can configure terraform provider for AWS to make sure it will automatically re-new session if the current session will expire?
Here https://registry.terraform.io/providers/hashicorp/aws/latest/docs I cannot find any information about refreshing mechanism and AWS says https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
“You must make sure that you get a new set of credentials before the old ones expire. In some SDKs, you can use a provider that manages the process of refreshing credentials for you; check the documentation for the SDK you're using.”
I found this thread https://github.com/hashicorp/terraform/issues/5927#issuecomment-436475932 and it is explained that somehow it is already implemented but where I can find more information about how refreshing mechanism works for terraform aws?
Upvotes: 0
Views: 521
Answers (1)
Reputation: 21
Use https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/rotating
resource "time_rotating" "example" {
rotation_minutes = 10
}
https://discuss.hashicorp.com/t/periodically-recreate-tls-private-key/27058
Upvotes: 0
Related Questions
- Terraform and AWS Assume Role
- Terraform failed API authorization
- Terraform unable to assume roles with MFA enabled
- Terraform Refresh after manual change
- Terraform assume role despite correct IAM setup
- Running Terraform apply aws_ecs_task_definition fails with Error: ClientException: Role is not valid
- Update terraform resource after provisioning
- How to make Terraform use the AWS credential_process?
- How to reload the terraform provider at runtime to use the different AWS profile
- terraform keeps overwriting token for kubernetes provider