amazon web services - How do I configure AWS MFA for Terraform? -


i want perform mfa terraform it's expected ask 6-digit token virtual mfa device every terraform [command]. after reading documentation: cli-roles terraform mfa created role:

{   "version": "2012-10-17",   "statement": [     {       "effect": "allow",       "principal": {         "aws": "arn:aws:iam::[account_id]:user/testuser"       },       "action": "sts:assumerole",       "condition": {         "bool": {           "aws:multifactorauthpresent": "true"         }       }     }   ] }

this user forced use mfa default , have configured virtual mfa device him.

~/.aws/credentials:

[default] ...  [terraform_role] role_arn = arn:aws:iam::[account_id]:role/terraform-test-role source_profile = default mfa_serial = arn:aws:iam::[account_id]:mfa/testuser

in terraform environment placed following:

provider "aws" {   profile = "terraform_role" }

but when run terraform plan throws me error:

error refreshing state: 1 error(s) occurred:  * provider.aws: no valid credential sources found aws provider.   please see https://terraform.io/docs/providers/aws/index.html more information on   providing credentials aws provider

the solution specify assume_role statement:

provider "aws" {   profile = "default"   assume_role {     role_arn = "arn:aws:iam::[account_id]:role/terraform-test-role"   } }

Comments

Post a Comment

Popular posts from this blog

PHP and MySQL WP -

i trying accomplish 2 things here code. writing php directly wp page using insert php plugin. 1) query mysql database , return results 1 column 4 columns. 2) make each result own hyperlink directs user new wp page runs new query on page. i able query show results , turn results dynamic hyperlink, cannot formatting down. right returns result 1 column. here have: [insert_php] $servername = "localhost"; $username = "login"; //edited privacy $password = "password"; //edited privacy $database = "database"; //edited privacy // create connection $conn = new mysqli($servername, $username, $password, $database); // check connection if ($conn->connect_error) { die("connection failed: " . $conn->connect_error); } echo "connected successfully"; //get results database $result = mysqli_query($conn,"select mine mines order mine"); $all_property = array(); //declare array saving property //showing proper...
Read more

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

i'm implementing inapp billing in android app. works well, however, i'm trying decouple broadcast receiver activity manifest. suggestion in android's trivialdrive sample: // important: dynamically register broadcast messages updated purchases. // register receiver here instead of <receiver> in manifest // because call getpurchases() @ startup, therefore can ignore // broadcasts sent while app isn't running. // note: registering listener in activity bad idea, done here // because sample. regardless, receiver must registered after // iabhelper setup, before first call getpurchases(). currently there's class extends broadcastreceiver : public class iabbroadcastreceiver extends broadcastreceiver { /** * intent action receiver should filter for. */ public static final string action = "com.android.vending.billing.purchases_updated"; private final iabbroadcastlistener mlistener; public iabbroadcastreceiver(iabbroadcastlistener listener) { m...
Read more

go - golang pprof for c library code -

i have been trying profile golang application pprof, seems details of c code(linked static library) missed in output result. flame graph from frame graph can see c code time consuming reported within "runtime._externalcode", no details @ all. , sure static library compiled debug enable. so there way make pprof details(like stack trace) of 3rd party c code? or there other golang profiling tool this?
Read more