Provides an IAM access key. This is a set of credentials that allow API requests to be made as an IAM user.
resource "aws_iam_access_key" "lb" { user = "${aws_iam_user.lb.name}" pgp_key = "keybase:some_person_that_exists" } resource "aws_iam_user" "lb" { name = "loadbalancer" path = "/system/" } resource "aws_iam_user_policy" "lb_ro" { name = "test" user = "${aws_iam_user.lb.name}" policy = <<EOF { "Version": "2012-10-17", "Statement": [ { "Action": [ "ec2:Describe*" ], "Effect": "Allow", "Resource": "*" } ] } EOF } output "secret" { value = "${aws_iam_access_key.lb.encrypted_secret}" }
The following arguments are supported:
user
- (Required) The IAM user to associate with this access key. pgp_key
- (Optional) Either a base-64 encoded PGP public key, or a keybase username in the form keybase:some_person_that_exists
. In addition to all arguments above, the following attributes are exported:
id
- The access key ID. user
- The IAM user associated with this access key. key_fingerprint
- The fingerprint of the PGP key used to encrypt the secret secret
- The secret access key. Note that this will be written to the state file. Please supply a pgp_key
instead, which will prevent the secret from being stored in plain text encrypted_secret
- The encrypted secret, base64 encoded. ~> NOTE: The encrypted secret may be decrypted using the command line, for example: terraform output encrypted_secret | base64 --decode | keybase pgp decrypt
. ses_smtp_password
- The secret access key converted into an SES SMTP password by applying AWS's documented conversion algorithm. status
- "Active" or "Inactive". Keys are initially active, but can be made inactive by other means.
© 2018 HashiCorpLicensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/aws/r/iam_access_key.html