Guillermo Musumeci

Summary

The web content provides a step-by-step guide on how to create an IAM user in AWS and configure Terraform to use static AWS credentials.

Abstract

The article titled "How to create an IAM account and configure Terraform to use AWS static credentials?" outlines the process of setting up Terraform to work with Amazon Web Services (AWS) using static credentials. It begins by listing the various methods of configuring the Terraform provider for AWS, including static credentials, environment variables, shared credentials file, and EC2 Role, before focusing on static credentials. The author details the four-step process: generating an IAM user for Terraform, setting permissions, creating variables in a variables.tf file, and updating the provider configuration in main.tf or provider.tf. The guide emphasizes security best practices, such as avoiding the use of AdministratorAccess in production environments and excluding terraform.tfvars from version control systems when storing Terraform scripts in code repositories.

Opinions

  • The author suggests that using the AdministratorAccess policy should be avoided in production environments and recommends creating custom policies with limited access for security reasons.
  • The article implies that using static credentials is a valid and practical approach for configuring the Terraform provider, despite the availability of other methods.
  • It is recommended to add tags to the IAM account for better organization and management, although this step can be skipped.
  • The author encourages readers to show appreciation for the post by clicking the clap button if they find the content helpful, indicating a desire for feedback and engagement from the audience.

How to create an IAM account and configure Terraform to use AWS static credentials?

The first step to launch a Terraform script in Amazon Web Services (AWS) is to configure the Terraform provider.

There are several options to configure the provider for AWS:

  • Static credentials
  • Environment variables
  • Shared credentials file
  • EC2 Role

In this article, I’m going to show how to configure the Terraform provider using static credentials.

The Terraform provider looks like this:

provider "aws" {
  region     = "eu-west-1"
  access_key = "my-aws-access-key"
  secret_key = "my-aws-secret-key"
}

The process to configure the Terraform provider is divided into 4 steps:

1. Generate an IAM user to use with Terraform

Open the AWS Console and type IAM in the search box.

Search for IAM

Then, at the IAM dashboard (left side of the screen), select the Users section and then click on the Add User button.

Here, enter a user name, enable the Programmatic Access checkbox, and click the Next: Permissions button.

Create a user for Terraform

Then select the Attach existing policies directly button and choose a policy. In this case, because this is a Development environment, I will select AdministratorAccess.

Important: please don’t select AdministratorAccess for production environments; instead, create a custom policy with very limited access to just the required AWS services. Click the Next: Tags button.

Attach the policy to the IAM account

Add Tags to the account (if you want) or skip the Tags page and click on the Next: Review button.

Review page

Click the Create User button to display your AWS credentials and the Show link to see your Secret access key.

Copy both Access key ID and Secret access key or download the .CSV file with the credentials.

Show AWS Credentials

2. Let's go back to our favorite code editor. We will need to create 3 variables in the variables.tf file:

variable "aws_access_key" {
  type        = string
  description = "AWS access key"
}

variable "aws_secret_key" {
  type        = string
  description = "AWS secret key"
}

variable "aws_region" {
  type        = string
  description = "AWS region"
}

3. Create or update your terraform.tfvars with the AWS credentials from step 1.

Important: if you are planning to use a code repository to store your Terraform scripts, configure your .gitignore file to exclude the terraform.tfvars file.

# AWS Settings
aws_access_key = "AKIAxxxxxxxxxxxxxxxx"
aws_secret_key = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
aws_region     = "eu-west-1"

4. Update the provider section, usually in your main.tf or provider.tf file, to use the AWS settings.

provider "aws" {
  region     = var.aws_region
  access_key = var.aws_access_key
  secret_key = var.aws_secret_key
}
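
The two ways this setup can leak the key, a literal access_key/secret_key left in a provider block and a terraform.tfvars that is not excluded by .gitignore, can be checked before each commit. The Python script below is an added example, not part of the original article; its function names are hypothetical and its .gitignore matching is a simplified approximation for a top-level file.

```python
import fnmatch
import re
import sys
from pathlib import Path

# IAM user access key IDs: "AKIA" followed by 16 upper-case letters or digits.
ACCESS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")
# access_key / secret_key set to a quoted literal rather than var.* or "${var.*}".
LITERAL_CRED = re.compile(r'^\s*(access_key|secret_key)\s*=\s*"(?!\$\{)[^"]*"')

def literal_credentials(tf_text):
    """Return (line_number, what) for each hardcoded credential in .tf source."""
    hits = []
    for number, line in enumerate(tf_text.splitlines(), 1):
        match = LITERAL_CRED.match(line)
        if match:
            hits.append((number, match.group(1)))
        elif ACCESS_KEY_ID.search(line):
            hits.append((number, "access key id"))
    return hits

def tfvars_ignored(gitignore_text, name="terraform.tfvars"):
    """Simplified .gitignore check for a top-level file: last matching pattern wins."""
    ignored = False
    for raw in gitignore_text.splitlines():
        pattern = raw.strip()
        if not pattern or pattern.startswith("#"):
            continue
        if fnmatch.fnmatch(name, pattern.lstrip("!").lstrip("/")):
            ignored = not pattern.startswith("!")  # "!pattern" re-includes the file
    return ignored

def audit(repo_dir):
    """Collect findings for every .tf file and the .gitignore under repo_dir."""
    root = Path(repo_dir)
    findings = []
    for tf_file in sorted(root.rglob("*.tf")):
        for number, what in literal_credentials(tf_file.read_text()):
            findings.append(f"{tf_file.relative_to(root)}:{number}: hardcoded {what}")
    gitignore = root / ".gitignore"
    text = gitignore.read_text() if gitignore.exists() else ""
    if (root / "terraform.tfvars").exists() and not tfvars_ignored(text):
        findings.append("terraform.tfvars is not excluded by .gitignore")
    return findings

if __name__ == "__main__":
    problems = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

Run it with the repository path as its only argument; a non-zero exit status makes it usable as a pre-commit hook.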

Thank you for reading! If this post was helpful, please click the clap 👏 button below!
