Commit Graph

29 Commits

Author SHA1 Message Date
Kerim Satirli dfb85fb0d7 changing AWS_SECURITY_TOKEN to AWS_SESSION_TOKEN (#8816)
I noticed that Terraform is not (anymore) parsing the value of environment variable `AWS_SECURITY_TOKEN` (which was re-added in May 2015: https://github.com/hashicorp/terraform/pull/1785)

Example ENV:

```
AWS_SECURITY_TOKEN="FQo...vgU="
AWS_ACCESS_KEY_ID="A...A"
AWS_SECRET_ACCESS_KEY="I...t"
AWS_DEFAULT_REGION="eu-west-1"
```
This errors with messages akin to "AWS was not able to validate the provided access credentials".

Setting `AWS_SESSION_TOKEN` instead of `AWS_SECURITY_TOKEN` on the other hand works just fine and seems to be in line with what is suggested in the code: d1ac7d3b2e/vendor/github.com/aws/aws-sdk-go/aws/credentials/env_provider.go (L69), making this whole thing a documentation change.

Happy to provide test cases or additional insights though!
2016-09-13 13:04:46 -05:00
Radek Simko 43de2afde1
docs: Fix misspelled words 2016-09-12 07:08:00 +01:00
James Nugent e3ccb51168 provider/aws: Add assume_role block to provider
This replaces the previous `role_arn` with a block which looks like
this:

```
provider "aws" {
        // secret key, access key etc

	assume_role {
	        role_arn = "<Role ARN>"
		session_name = "<Session Name>"
		external_id = "<External ID>"
	}
}
```

We also modify the configuration structure and read the values from the
block if present into those values and adjust the call to AssumeRole to
include the SessionName and ExternalID based on the values set in the
configuration block.

Finally we clean up the tests and add in missing error checks, and clean
up the error handling logic in the Auth helper functions.
2016-09-03 12:54:30 -07:00
Ian Duffy 767914bbdc [GH-1275] Support for AWS access via IAMs AssumeRole functionality
This commit enables terraform to utilise the assume role functionality
of sts to execute commands with different privileges than the API
keys specified.

Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2016-09-02 10:22:57 -07:00
Renier Morales ef9f3a45b1 Add S3 endpoint override ability and expose S3 path style option (#7871)
* Overriding S3 endpoint - Enable specifying your own
  S3 api endpoint to override the default one, under
  endpoints.
* Force S3 path style - Expose this option from the aws-sdk-go
  configuration to the provider.
2016-08-12 17:52:12 +01:00
Radek Simko d1272808d8
aws/docs: Document new skip_* fields 2016-08-10 17:30:49 +01:00
Radek Simko d23fac3a28 aws: Update docs after #6385 (account ID via sts) 2016-05-05 17:51:44 +01:00
Colin Hebert f1f602cdf6 aws: Enable account ID check for assumed roles + EC2 instances 2016-04-27 12:56:03 +02:00
Hasan Türken 766dac4d79 update documentation 2016-02-12 09:56:48 -06:00
Hasan Türken e41266e971 Move endpoint options into endpoints block 2016-02-12 09:38:21 -06:00
Hasan Türken 231604e8b7 support custom endpoints for AWS EC2 ELB and IAM 2016-02-12 09:35:50 -06:00
Rich Burroughs cb537e9d7d fixed typo in AWS docs, export was misspelled 2016-02-04 15:43:42 -08:00
clint shryock 70fae670b7 Update auth page for AWS 2016-01-29 09:09:24 -06:00
clint shryock 45c9a10d0f provider/aws: Provide a better message if no AWS creds are found 2016-01-27 16:30:03 -06:00
James Nugent ace215481a provider/aws: Add profile to provider config
This allows specification of the profile for the shared credentials
provider for AWS to be specified in Terraform configuration. This is
useful if defining providers with aliases, or if you don't want to set
environment variables. Example:

$ aws configure --profile this_is_dog
... enter keys

$ cat main.tf
provider "aws" {
    profile = "this_is_dog"

    # Optionally also specify the path to the credentials file
    shared_credentials_file = "/tmp/credentials"
}

This is equivalent to specifying AWS_PROFILE or
AWS_SHARED_CREDENTIALS_FILE in the environment.
2016-01-14 15:39:35 +00:00
mcinteer 64d982ac9e Change the docs as the token can be explicitly set
This tripped me up today when I was trying to connect using MFA. I had a look at the source and found the token property, tested it out and low and behold it worked! 

Hopefully this saves someone else going through the same pain
2015-11-10 11:27:45 +13:00
Garrett Heel 9c2725e0a5 provider/aws: allow local kinesis 2015-10-13 14:29:50 -07:00
Pavel Vaněček d649af8813 Update AWS provider documentation
Changed `AWS_SECURITY_TOKEN` to `AWS_SESSION_TOKEN`
2015-08-05 14:40:26 +02:00
Pablo Cantero 2f6d20837f dynamodb-local Update aws provider docs to include the `dynamodb_endpoint` argument 2015-07-29 13:33:51 -03:00
Koen De Causmaecker 398c22adcd aws: make MaxRetries for API calls configurable
- Make it configurable in the AWS provider by add an option
  'max_retries'.
- Set the default from 3 to 11 retries.
2015-05-03 15:35:51 +02:00
Mitchell Hashimoto 5dcf639fc8 website: remove forbidden account IDs from aws docs 2015-04-22 08:09:04 +02:00
Radek Simko 150fd00932 AWS account ID protection added 2015-04-20 12:07:39 +01:00
Mitchell Hashimoto 16cafe9d46 website; clarify where the args go for AWS [GH-853] 2015-03-03 17:35:54 -08:00
Mitchell Hashimoto 9efd20cd7c website: document MFA token for AWS [GH-390] 2015-03-03 17:31:45 -08:00
Seth Vargo 5713b7abcc Remove extra newline 2015-01-22 16:09:26 -05:00
Seth Vargo 038d241043 Update the documentation to read the new AWS environment variables 2015-01-22 16:09:25 -05:00
Seth Vargo 073a0f76c5 Add meta descriptions to all pages 2014-10-21 23:21:56 -04:00
Armon Dadgar ae1fc27cc0 website: AWS Provider 2014-07-23 15:14:35 -04:00
Armon Dadgar f934a1004d website: Starting to add providers 2014-07-23 14:50:44 -04:00