Funmilayo Fagoyinbo
Adefunmi's Cloud View


Adefunmi's Cloud View

How to Configure and Authenticate a User for Terraform AWS Provider

How to Configure and Authenticate a User for Terraform AWS Provider

Funmilayo Fagoyinbo's photo
Funmilayo Fagoyinbo
·Jan 28, 2023·

6 min read

Table of contents

  • Prerequisites
  • Creation of IAM User and Access Keys on AWS Console
  • Authentication and Configuration on the VM
  • Conclusion
  • Resources

When deploying infrastructures with Terraform, there is a vital part of the process that has to do with Providers. Providers are plugins that allow you to interact with different Cloud Provider Services/Resources.

When you use a cloud provider's Management Console, like AWS, you input some credentials that grant you access to the resources available there. In the same way, when you use terraform, you need to input some credentials to deploy resources on them.

In this article, we will be delving into how we can securely configure and authenticate a user to carry out tasks with terraform.


To effectively follow along with what I'll be doing here, these are the things you should have set up.

  1. An AWS account either with the root login access or an admin IAM user access.

  2. An Ubuntu 20.04 Virtual Machine (VM) with Terraform installed on it. You can click here to see how to install it on your machine.

For us to have an easy flow for this task, we will be grouping the task into two parts. The first will be carried out on the AWS Management Console while the other part will be on our VM.

Creation of IAM User and Access Keys on AWS Console

  1. Log into the AWS console with your credentials. These credentials include your Account ID or alias, IAM user name, and Password as shown below:

  2. From the home page, navigate to the IAM service by typing into the search bar. You can also click on the link to the IAM service shown on this Home page.

  3. On the left pane of the new page, click on users, then Add users. Note that in the image below, I already have some users created. if you are using yours for the first time, it will be empty.

  1. On the next page, you will input a descriptive name that you will like to give to the user you want to create. However, for this user, we will not be enabling access to the console. This means that you will leave the small box unchecked. Click on the next button.

Note that part that says you can generate access keys after creating the user.

  1. On the next page which is for permissions, you would click on the Attach policies directly tab.

Thereafter, check the AdministratorAccess box in the Permissions Policies section. Then scroll down the page and hit the Next button.

On the next page, you are required to review the information you provided and then hit the Create User button to create the user.

  1. On the users' page, you will see your newly created user, click on it. On the next page, scroll down and click on the Security credentials tab.

  1. On the Security credentials page, scroll down to Access Keys and click on Create access key.

  1. On the next page, click on Local code and scroll down the page.

  1. Check the agreement box as shown below and click on the Next button down the page.

  1. On the new page, provide a descriptive name for the access key and click on the Create access key tab.

  1. This new and final page will give you details of the access key you have just generated. Note that once you close the page, you will only see the access key but not the secret access key. This is one of the security measures AWS has put in place. So, you can click on the blue show link beside the hidden secret key (in asterisks ********) to reveal the value and copy it. You can then save it in a safe place. You can also click on the Download .csv file button to download the access and secret access keys in a file on your system. You can then click on Done to close the page.

Authentication and Configuration on the VM

According to the Terraform AWS Provider documentation, the AWS provider plugin supports using an IAM role ( a named profile) whose credentials have been configured in an environmental variable, among other methods. We will be configuring our created credentials in this section of the article.

This method is suitable for when you have to push your codes to a public repository. You would not want to publish them with very sensitive data in relation to the resources you will be deploying.

  1. On your terminal, run:

     sudo apt update && sudo apt upgrade -y
     sudo apt install awscli -y
     aws cli

    The first two commands will help you update and upgrade your repository, then install the AWS CLI while the third one will help to confirm if the installation was successful. You should have an output like this:

  2. Next, run this command:

     aws configure

    This command is the easy and quickest way to set up the AWS CLI configuration. On using the command on the terminal, you will be prompted by the AWS CLI to input four key things which are your Access Key, Secret Access Key, Default Region, and Default Output format.

     AWS Access Key ID [None]: 
     AWS Secret Access Key [None]: 
     Default region name [None]: us-east-1
     Default output format [None]: json

    You will provide the Access and Secret Access keys we generated from the console in the first part of the task. Your region will depend on the closest place to where you are based or you can also use us-east-1 as I did.

    For the output format, there are many options such as json, yaml, text, etc. However, if you do not pick one, the value will default to json. You can pick json as I did above.

  3. You may be wondering how Terraform will be able to access these credentials. Remember we are setting them as an environment variable and this stems from the fact that our aws configure settings created a .aws folder in our home directory.

    In that directory, you will find two files, config, and credentials. The credentials file holds the Access and the Secret Access Keys while the config file holds details about the region and the output format.

    You can also add more information and different profiles in the files as seen in the documentation here.


Having successfully set up the credentials needed for the IAM user authorized to connect terraform with your AWS provider plugin, you can go ahead to use your AWS provider block in your .tf file so that the necessary API calls will be made when you issue your terraform init, terraform plan and terraform apply commands.

Happy Coding!!!


AWS Provider Installation

AWS CLI Configuration Basics

Installing Terraform

Configuration and Credential file setting

Share this