I have written a terraform code to create IAM user and my requirement is to store the access key and secret key in a S3 bucket. I have tried implementing the same via s3 cli commands, but was not of great help. Any suggestions would be appreciated
CodePudding user response:
You can use local-exec to execute commands:
resource "null_resource" "s3_copy" {
  provisioner "local-exec" {
    # Runs the AWS CLI on the machine doing the apply; keys.txt must already exist there.
    command = "aws s3 cp keys.txt s3://bucket/keys"
  }
}
CodePudding user response:
I want to point out that storing tokens in s3 can be dangerous, if not configured correctly.
Make sure that you have understood how policies in AWS and access control in S3 work: https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html
With that out of the way, this is what I have come up with:
# The user to which we will grant access to s3
resource "aws_iam_user" "user" {
  name = "s3-user"
  path = "/"
}

# Create the access key
resource "aws_iam_access_key" "key" {
  user = aws_iam_user.user.name
}

# Create the bucket for storing tokens
# (bucket names may not contain underscores, so use hyphens)
resource "aws_s3_bucket" "token" {
  bucket = "my-token-bucket"
  acl    = "private"
}

# Create the object inside the token bucket
resource "aws_s3_bucket_object" "tokens" {
  bucket                 = aws_s3_bucket.token.id
  key                    = "keys.txt"
  server_side_encryption = "AES256"
  content_type           = "text/plain"
  content                = <<-EOF
    access_id: ${aws_iam_access_key.key.id}
    access_secret: ${aws_iam_access_key.key.secret}
  EOF
}
I haven't tested this.
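As an added example, not code from either answer above, here is a hardened version of the same layout for the AWS provider 4.x resource split: the bucket blocks all public access, applies SSE-KMS with a customer-managed key by default, refuses requests that do not use TLS, and the key material is written only after those controls exist. The resource names and the bucket name "my-token-bucket" are assumptions.

```hcl
# Added example (not from the original answers). Assumes AWS provider >= 4.x.
resource "aws_iam_user" "user" {
  name = "s3-user"
}

resource "aws_iam_access_key" "key" {
  user = aws_iam_user.user.name
}

# Customer-managed KMS key: reading the object also requires kms:Decrypt on
# this key, so the key policy is a second gate in front of the secret.
resource "aws_kms_key" "token" {
  description         = "Encrypts IAM access keys stored in S3"
  enable_key_rotation = true
}

resource "aws_s3_bucket" "token" {
  bucket = "my-token-bucket" # assumed name; must be globally unique
}

# No public ACLs or public bucket policies, ever.
resource "aws_s3_bucket_public_access_block" "token" {
  bucket                  = aws_s3_bucket.token.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Default encryption with the KMS key above for every object in the bucket.
resource "aws_s3_bucket_server_side_encryption_configuration" "token" {
  bucket = aws_s3_bucket.token.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.token.arn
    }
  }
}

# Bucket policy: deny any request that arrives over plaintext HTTP.
data "aws_iam_policy_document" "token" {
  statement {
    sid     = "DenyInsecureTransport"
    effect  = "Deny"
    actions = ["s3:*"]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    resources = [
      aws_s3_bucket.token.arn,
      "${aws_s3_bucket.token.arn}/*",
    ]
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

resource "aws_s3_bucket_policy" "token" {
  bucket = aws_s3_bucket.token.id
  policy = data.aws_iam_policy_document.token.json
}

# Write the credentials only after the access block, encryption and policy
# are in place, so there is no window in which the object exists unprotected.
resource "aws_s3_object" "tokens" {
  bucket       = aws_s3_bucket.token.id
  key          = "keys.txt"
  content_type = "text/plain"
  kms_key_id   = aws_kms_key.token.arn
  content      = <<-EOF
    access_id: ${aws_iam_access_key.key.id}
    access_secret: ${aws_iam_access_key.key.secret}
  EOF

  depends_on = [
    aws_s3_bucket_public_access_block.token,
    aws_s3_bucket_server_side_encryption_configuration.token,
    aws_s3_bucket_policy.token,
  ]
}
```

Read access is then granted to the one principal that needs it through its IAM policy plus kms:Decrypt on the key, rather than through the bucket. Two caveats the bucket controls do not cover: the plaintext secret is also recorded in the Terraform state file, so the state backend needs the same encryption and access restrictions as the bucket; and `aws_iam_access_key` accepts a `pgp_key` argument that yields `encrypted_secret` instead of `secret`, which keeps the plaintext out of both state and S3 if the consumer can decrypt it.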