There is a Terraform lab where we have to enter region, access_key and secret_key in the AWS provider. What is the best way to do so without hardcoding the values, considering the values are present in the .aws folder?
Hi @sushant-kk
Hardcoding credentials is not a recommended approach in any Terraform configuration.
Can you please share the link to the lab that asks for using the credentials in a configuration file?
Terraform looks for credentials in the order outlined here, which is in line with how AWS CLI looks for creds.
Env variables like AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY can be used. The linked doc explains other mechanisms, such as passing a shared_credentials_file among others.
Thank you for the response!
The task I am talking about is Learn By Doing: AWS Workshop with Terraform > 2nd Module > 1st Lab > 11th task
The task:
We have created a provider configuration file for AWS within the terraform-projects folder. Inspect this file and fill in the actual values for region, access_key and secret_key.
What I understand is if AWS CLI configuration is done correctly, the provider will automatically pick the values for access_key and secret_key.
Hi,
The provider will work correctly with the configuration stored in the .aws/config file. This means you don’t need to input the keys in the Terraform repository; they are only stored on your local computer. For example, think of the VSCode in the lab as your local computer, and the configuration is stored only in /root/.aws/config on it.
There is a note in Lab Overview that discusses the recommended approach of using ENV Vars for credentials. The lab does not accept ENVs.
I’ll raise this internally and try to get it fixed.
Thanks
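A check that follows from the advice in this thread, as an added example that is not part of the original posts or the lab: it flags Terraform files that assign a string literal to access_key or secret_key, and passes a provider block that leaves credentials to the environment variables or the .aws files. The function names, file names and placeholder key values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lab). Flags string literals assigned to
# access_key / secret_key in *.tf files under a directory.

find_hardcoded_keys() {
  # Prints file:line:text per hit; returns 1 when any hit exists.
  # Values like var.secret or "${var.secret}" are not literals and are skipped.
  pattern='^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^"$]+"'
  hits=$(find "$1" -type f -name '*.tf' \
           -exec grep -nE "$pattern" /dev/null {} + || true)
  if [ -z "$hits" ]; then
    return 0
  fi
  printf '%s\n' "$hits"
  return 1
}

make_samples() {
  # Constructed sample files; key values are placeholders, not real keys.
  d=$(mktemp -d)
  cat > "$d/hardcoded.tf" <<'EOF'
provider "aws" {
  region     = "us-east-1"
  access_key = "ACCESS_KEY_PLACEHOLDER"
  secret_key = "SECRET_KEY_PLACEHOLDER"
}
EOF
  mkdir "$d/clean"
  cat > "$d/clean/provider.tf" <<'EOF'
# Keys come from AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY or the ~/.aws files.
provider "aws" {
  region = "us-east-1"
}
EOF
  printf '%s\n' "$d"
}

samples=$(make_samples)
find_hardcoded_keys "$samples" || echo "hardcoded credentials found"
find_hardcoded_keys "$samples/clean" && echo "clean: no keys in configuration"
rm -rf "$samples"
```

The non-zero return on a hit lets the function gate a pre-commit hook or CI step before a configuration with embedded keys reaches version control.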