Never hardcode your AWS credentials directly in your Terraform files. Use environment variables, shared credentials files, or IAM roles to manage your credentials securely.
Other secure methods are described on the official Terraform webpage; below I will show how to configure the “Shared Configuration and Credentials Files” method.
When the AWS CLI is installed, it creates a folder called .aws to manage credentials and profiles.
– On Linux, the files are at “$HOME/.aws/config” and “$HOME/.aws/credentials”.
– On Windows, they are at “%USERPROFILE%\.aws\config” and “%USERPROFILE%\.aws\credentials”.
In this method, store credentials in the ~/.aws/credentials file. This file can hold multiple profiles, and you can specify which profile to use in your Terraform configuration.
The secure way is to create an AWS profile locally and utilise it in the Terraform configuration.
Use the following commands to create a profile.
➜ bh1 git:(master) ✗ aws configure --profile terraform_bh1
AWS Access Key ID [None]: AKIAU[...]MLZNKH5W
AWS Secret Access Key [None]: nzx6iXp1[...]0QrU34thyVPh
Default region name [None]: us-east-1
Default output format [None]:
Note: You can verify that the profile was added to the AWS credentials by checking ~/.aws/config and ~/.aws/credentials.
Terraform configuration settings
Although you can embed the connection config section directly in the .tf file alongside the resources you define, a more modular approach is to keep the connection configuration in a separate file.
Create a file at the same level as the other Terraform file where the resources are defined.
Give it a name, such as main.tf.
Use the following lines, replacing the profile name and region with your own values.
provider "aws" {
  # Named profile from the shared credentials file; no keys are stored in the .tf file
  profile = "terraform_bh1"
  region  = "us-east-1"
}
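A check for the setup above, as an added example that is not part of the original post: it flags static keys in .tf files and confirms that each profile a provider block names exists in the shared credentials file. The function names, the temporary directory layout and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): checks a Terraform directory
# against the guidance above. Function names and sample files are assumptions.

# List file:line for every *.tf line that assigns a string literal to the
# provider's access_key/secret_key arguments or holds an access-key-ID-shaped
# string. Only locations are printed, never the matched text. Returns 1 on a hit.
find_hardcoded_keys() {
    hits=$(find "$1" -name '*.tf' -exec grep -nE \
        -e '^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"' \
        -e '(AKIA|ASIA)[A-Z0-9]{16}' /dev/null {} + | cut -d: -f1,2)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Profile names referenced by provider blocks under the directory, one per line.
tf_profiles() {
    find "$1" -name '*.tf' -exec sed -n \
        's/^[[:space:]]*profile[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' {} + | sort -u
}

# Succeed only if every referenced profile has a [name] section in the
# credentials file given as the second argument.
profiles_exist() {
    rc=0
    for p in $(tf_profiles "$1"); do
        grep -qxF "[$p]" "$2" || { echo "profile not in credentials file: $p"; rc=1; }
    done
    return $rc
}

# Constructed sample data: one good and one bad configuration (no real keys).
demo=$(mktemp -d)
mkdir "$demo/good" "$demo/bad"
printf '[terraform_bh1]\naws_access_key_id = PLACEHOLDER\naws_secret_access_key = PLACEHOLDER\n' > "$demo/credentials"
printf 'provider "aws" {\n  profile = "terraform_bh1"\n  region  = "us-east-1"\n}\n' > "$demo/good/main.tf"
printf 'provider "aws" {\n  profile    = "no_such_profile"\n  access_key = "AKIAEXAMPLEEXAMPLE00"\n  secret_key = "constructed-not-a-real-secret"\n}\n' > "$demo/bad/main.tf"

for d in good bad; do
    if find_hardcoded_keys "$demo/$d" >/dev/null && profiles_exist "$demo/$d" "$demo/credentials" >/dev/null
    then echo "$d: ok"; else echo "$d: FAIL"; fi
done
```

Run against a real project by passing the Terraform directory to both functions and ~/.aws/credentials as the second argument of profiles_exist.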
Conclusion
Securing authentication and configuration in Terraform for AWS is essential for maintaining the integrity and security of your infrastructure. By using environment variables, IAM roles, AWS Secrets Manager, encryption, and adhering to the principle of least privilege, you can ensure that your Terraform configurations are both secure and efficient. These practices help in safeguarding your infrastructure against unauthorized access and potential security breaches.
Serdar Baran