Adding temporary AWS Tokens in Terraform
CircleCI provides a Terraform configuration to allow you to easily orchestrate the CircleCI Server cluster in your AWS environment. By default, our Terraform scripts require two keys for authentication, the access_key and secret_key. If your team's security policies require the use of a temporary AWS session token, it can easily be added by modifying the following Terraform files and templates.
variables.tf
Input variables are declared in this file. We strongly advise that you only parameterize your aws_session_token variable and never hard-code your secrets directly here, to further prevent exposing your keys and tokens.
# No default is set, so the value must be supplied at run time.
variable "aws_session_token" {
  description = "Temporary session token used to create instances"
}
circle.tf
In this file, set the token argument in the AWS provider block to the aws_session_token variable.
provider "aws" {
  access_key = var.aws_access_key
  secret_key = var.aws_secret_key
  token      = var.aws_session_token
  region     = var.aws_region
}
terraform.tfvars
Your aws_session_token must be assigned in this file. It is safe to add your keys and tokens to this file, as it will be ignored in the event you accidentally check it into version control.
#####################################
# 1. Required Cloud Configuration
#####################################
aws_session_token = "..."
aws_access_key = "..."
aws_secret_key = "..."
aws_region = "..."
aws_vpc_id = "..."
aws_subnet_id = "..."
aws_ssh_key_name = "..."
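As an added example (not part of CircleCI's Terraform scripts), the three credential variables can instead be supplied through TF_VAR_* environment variables, which Terraform reads as input variables, so that short-lived credentials are never written to disk. The helper name load_tf_session_creds and the sample values are assumptions made for this illustration; the helper also rejects access key IDs that do not carry the ASIA prefix AWS uses for temporary STS keys.

```shell
#!/bin/sh
# Added example: export temporary STS credentials as TF_VAR_* variables so
# they do not have to be stored in terraform.tfvars.

# Constructed sample line, not real credentials. It has the same shape as:
#   aws sts get-session-token --duration-seconds 3600 --output text \
#     --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'
SAMPLE_CREDS=$(printf 'ASIAEXAMPLEKEY000000\tconstructedSecretValue\tconstructedSessionToken')

# load_tf_session_creds LINE   (hypothetical helper name)
# LINE is "AccessKeyId<TAB>SecretAccessKey<TAB>SessionToken".
# Returns 2 on a malformed line, 3 if the key is not a temporary STS key.
load_tf_session_creds() {
  _line=$1
  _old_ifs=$IFS
  IFS=$(printf '\t')   # split on tabs only
  set -f               # no glob expansion while splitting
  set -- $_line
  set +f
  IFS=$_old_ifs

  if [ "$#" -ne 3 ]; then
    echo "expected AccessKeyId, SecretAccessKey and SessionToken" >&2
    return 2
  fi

  # Temporary STS access key IDs start with ASIA; long-term IAM user keys
  # start with AKIA and must not be passed off as session credentials.
  case $1 in
    ASIA*) ;;
    *) echo "refusing access key ID that is not a temporary STS key" >&2
       return 3 ;;
  esac

  # Variable names match the ones referenced in circle.tf on this page.
  export TF_VAR_aws_access_key="$1"
  export TF_VAR_aws_secret_key="$2"
  export TF_VAR_aws_session_token="$3"
}

# Demonstration with the constructed sample. For real use, pass the output
# of the aws sts command shown above and then run terraform plan.
load_tf_session_creds "$SAMPLE_CREDS" && echo "TF_VAR_aws_session_token exported"
```

Terraform gives values in terraform.tfvars precedence over TF_VAR_* environment variables, so remove the three credential lines from that file when supplying them this way.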