New users should know it's possible to save credentials outside of tf configs (#12968)

Terraform will automatically search for AWS API credentials or Instance Profile Credentials. I wish I'd known that when I first read these docs. Saving credentials outside of tf config files is a much better plan for situations where config files end up in source control and or where multiple people collaborate. Making this information available early will allow new users to set up a much more secure and robust plan for deploying terraform at scale and in production environments.
2017-03-22 15:30:21 +00:00 · 2017-03-22 15:30:21 +00:00 · 87d6935780
parent d0bb43e0e2
commit 87d6935780
1 changed files with 10 additions and 0 deletions
--- a/website/source/intro/getting-started/build.html.md
+++ b/website/source/intro/getting-started/build.html.md
@ -74,6 +74,16 @@ AWS access key and secret key, available from
 We're hardcoding them for now, but will extract these into
 variables later in the getting started guide.

+~> **Note**: If you simply leave out AWS credentials, Terraform will
+automatically search for saved API credentials (for example,
+in `~/.aws/credentials`) or IAM instance profile credentials.
+This option is much cleaner for situations where tf files are checked into
+source control or where there is more than one admin user.
+See details [here](https://aws.amazon.com/blogs/apn/terraform-beyond-the-basics-with-aws/).
+Leaving IAM credentials out of the Terraform configs allows you to leave those
+credentials out of source control, and also use different IAM credentials
+for each user without having to modify the configuration files.
+
 This is a complete configuration that Terraform is ready to apply.
 The general structure should be intuitive and straightforward.