
amazon-web-services - How do I configure AWS MFA for Terraform?

Reposted. Author: 行者123. Updated: 2023-12-04 20:31:18

I want to enforce MFA for Terraform, so that every terraform [command] is expected to ask for the 6-digit token from my virtual MFA device. After reading the documentation:

- cli-roles
- terraform mfa

I created a role:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::[ACCOUNT_ID]:user/testuser"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "Bool": {
          "aws:MultiFactorAuthPresent": "true"
        }
      }
    }
  ]
}

This user is forced to use MFA by default, and I configured a virtual MFA device for him.

~/.aws/credentials:
[default]
...

[terraform_role]
role_arn = arn:aws:iam::[ACCOUNT_ID]:role/terraform-test-role
source_profile = default
mfa_serial = arn:aws:iam::[ACCOUNT_ID]:mfa/testuser

In my Terraform environment I put the following:

provider "aws" {
  profile = "terraform_role"
}

But when I run terraform plan, it gives me an error:
Error refreshing state: 1 error(s) occurred:

* provider.aws: No valid credential sources found for AWS Provider.
Please see https://terraform.io/docs/providers/aws/index.html for more information on
providing credentials for the AWS Provider

Best answer

The solution is to specify an assume_role statement:

provider "aws" {
  profile = "default"
  assume_role {
    role_arn = "arn:aws:iam::[ACCOUNT_ID]:role/terraform-test-role"
  }
}
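
One way to hand Terraform an MFA-backed session for the role above, as an added example that is not part of the original question or answer: the AWS CLI exchanges the 6-digit code for temporary role credentials, which are then exported as environment variables. The function names and the session name `terraform-mfa` are hypothetical, and the ARNs are the page's placeholders.

```shell
# Added example: trade a 6-digit MFA code for temporary role credentials
# and print them as export lines for the environment Terraform runs in.
# Function names and the session name are hypothetical.

# Succeeds only for exactly six decimal digits.
valid_token() {
  case "$1" in
    [0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# mfa_exports ROLE_ARN MFA_SERIAL TOKEN_CODE
mfa_exports() {
  valid_token "$3" || { echo "MFA token must be 6 digits" >&2; return 2; }
  # Passing the serial number and code makes the AssumeRole request
  # satisfy the aws:MultiFactorAuthPresent condition in the trust policy.
  mfa_creds=$(aws sts assume-role \
    --role-arn "$1" \
    --role-session-name "terraform-mfa" \
    --serial-number "$2" \
    --token-code "$3" \
    --duration-seconds 3600 \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text) || return 1
  # --output text yields the three values tab-separated on one line.
  read -r mfa_id mfa_secret mfa_session <<EOF
$mfa_creds
EOF
  [ -n "$mfa_id" ] && [ -n "$mfa_secret" ] && [ -n "$mfa_session" ] || {
    echo "unexpected STS output" >&2; return 1; }
  printf "export AWS_ACCESS_KEY_ID='%s'\n" "$mfa_id"
  printf "export AWS_SECRET_ACCESS_KEY='%s'\n" "$mfa_secret"
  printf "export AWS_SESSION_TOKEN='%s'\n" "$mfa_session"
}

# Typical use, with the page's placeholder ARNs:
#   printf 'MFA code: '; read -r code
#   eval "$(mfa_exports "arn:aws:iam::[ACCOUNT_ID]:role/terraform-test-role" \
#           "arn:aws:iam::[ACCOUNT_ID]:mfa/testuser" "$code")" && terraform plan
```

This assumes a provider block without `profile` or `assume_role`, so that the AWS provider falls back to the exported environment variables; the session expires after the requested hour and the step is then repeated with a fresh code.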

Regarding "amazon-web-services - How do I configure AWS MFA for Terraform?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/45690190/
