New users should know it's possible to save credentials outside of tf configs (#12968)
Terraform will automatically search for AWS API credentials or Instance Profile Credentials. I wish I'd known that when I first read these docs. Saving credentials outside of tf config files is a much better plan for situations where config files end up in source control and or where multiple people collaborate. Making this information available early will allow new users to set up a much more secure and robust plan for deploying terraform at scale and in production environments.
This commit is contained in:
parent
d0bb43e0e2
commit
87d6935780
|
@ -74,6 +74,16 @@ AWS access key and secret key, available from
|
||||||
We're hardcoding them for now, but will extract these into
|
We're hardcoding them for now, but will extract these into
|
||||||
variables later in the getting started guide.
|
variables later in the getting started guide.
|
||||||
|
|
||||||
|
~> **Note**: If you simply leave out AWS credentials, Terraform will
|
||||||
|
automatically search for saved API credentials (for example,
|
||||||
|
in `~/.aws/credentials`) or IAM instance profile credentials.
|
||||||
|
This option is much cleaner for situations where tf files are checked into
|
||||||
|
source control or where there is more than one admin user.
|
||||||
|
See details [here](https://aws.amazon.com/blogs/apn/terraform-beyond-the-basics-with-aws/).
|
||||||
|
Leaving IAM credentials out of the Terraform configs allows you to leave those
|
||||||
|
credentials out of source control, and also use different IAM credentials
|
||||||
|
for each user without having to modify the configuration files.
|
||||||
|
|
||||||
This is a complete configuration that Terraform is ready to apply.
|
This is a complete configuration that Terraform is ready to apply.
|
||||||
The general structure should be intuitive and straightforward.
|
The general structure should be intuitive and straightforward.
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue