New users should know it's possible to save credentials outside of tf configs (#12968)

Terraform will automatically search for AWS API credentials or Instance Profile Credentials. I wish I'd known that when I first read these docs.
Saving credentials outside of tf config files is a much better plan for situations where config files end up in source control and or where multiple people collaborate. Making this information available early will allow new users to set up a much more secure and robust plan for deploying terraform at scale and in production environments.
This commit is contained in:
Radek Simko 2017-03-22 15:30:21 +00:00 committed by GitHub
parent d0bb43e0e2
commit 87d6935780
1 changed files with 10 additions and 0 deletions

View File

@ -74,6 +74,16 @@ AWS access key and secret key, available from
We're hardcoding them for now, but will extract these into We're hardcoding them for now, but will extract these into
variables later in the getting started guide. variables later in the getting started guide.
~> **Note**: If you simply leave out AWS credentials, Terraform will
automatically search for saved API credentials (for example,
in `~/.aws/credentials`) or IAM instance profile credentials.
This option is much cleaner for situations where tf files are checked into
source control or where there is more than one admin user.
See details [here](https://aws.amazon.com/blogs/apn/terraform-beyond-the-basics-with-aws/).
Leaving IAM credentials out of the Terraform configs allows you to leave those
credentials out of source control, and also use different IAM credentials
for each user without having to modify the configuration files.
This is a complete configuration that Terraform is ready to apply. This is a complete configuration that Terraform is ready to apply.
The general structure should be intuitive and straightforward. The general structure should be intuitive and straightforward.