How to add temporary AWS session tokens in Terraform

CircleCI provides a Terraform configuration that lets you orchestrate the CircleCI Server cluster in your AWS environment. By default, our Terraform scripts require two keys for authentication: access_key and secret_key. If your team's security policies require the use of a temporary AWS session token, you can add it by modifying the following Terraform files and templates.

 

 variables.tf

Input variables are declared in this file. We strongly advise that you only parameterize your aws_session_token variable here and never hard-code your secrets in this file, so that your keys and tokens are not exposed.

variable "aws_session_token" {
  description = "Temporary session token used to create instances"
}

 

circle.tf

In this file, set the token argument of the AWS provider block to the aws_session_token variable.

provider "aws" {
  access_key = var.aws_access_key
  secret_key = var.aws_secret_key
  token      = var.aws_session_token
  region     = var.aws_region
}

 

terraform.tfvars

Your aws_session_token must be assigned in this file. It is safe to add your keys and tokens to this file, as it will be ignored in the event you accidentally check it into version control.

#####################################
# 1. Required Cloud Configuration
#####################################

aws_session_token = "..."
aws_access_key = "..."
aws_secret_key = "..."
aws_region = "..."
aws_vpc_id = "..."
aws_subnet_id = "..."
aws_ssh_key_name = "..."
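
The following is an added example, not part of CircleCI's Terraform scripts: it passes the same three variables to Terraform through TF_VAR_* environment variables instead of writing them to terraform.tfvars, and rejects an access key ID that lacks the ASIA prefix AWS gives temporary credentials. The function names, the use of aws sts get-session-token to obtain the token, and the sample values are assumptions.

```shell
#!/bin/sh
# Added example (not CircleCI's code). Function names are hypothetical.

# Assumption: the temporary credentials come from `aws sts get-session-token`.
# Prints one line: AccessKeyId<TAB>SecretAccessKey<TAB>SessionToken
fetch_sts_credentials() {
    aws sts get-session-token --duration-seconds 3600 \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
        --output text
}

# Parse that line and export the variables used in circle.tf as TF_VAR_*
# environment variables, which Terraform reads as input variable values.
load_sts_credentials() {
    IFS="$(printf '\t')" read -r key secret token <<EOF
$1
EOF
    if [ -z "$key" ] || [ -z "$secret" ] || [ -z "$token" ]; then
        echo "expected access key, secret key and session token" >&2
        return 1
    fi
    # Temporary (STS) access key IDs start with ASIA; long-term ones with AKIA.
    # A session token paired with a long-term key will not authenticate.
    case $key in
        ASIA*) ;;
        *) echo "access key ID is not a temporary (ASIA) key" >&2; return 1 ;;
    esac
    export TF_VAR_aws_access_key="$key"
    export TF_VAR_aws_secret_key="$secret"
    export TF_VAR_aws_session_token="$token"
    unset key secret token
}

# Constructed sample line (not real credentials), run in a subshell so the
# demo values do not stay in the calling environment.
sample=$(printf 'ASIAEXAMPLEKEYID0000\tconstructedSecret/Key+1\tconstructedToken==')
( load_sts_credentials "$sample" && echo "loaded key $TF_VAR_aws_access_key" )
```

Terraform gives terraform.tfvars precedence over TF_VAR_* environment variables, so remove the three credential entries from that file when using this approach. For real use, source the functions and run load_sts_credentials "$(fetch_sts_credentials)" before terraform plan.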

 
