Bootstrap FreeKB - Amazon Web Services (AWS) - Assume Role or Switch Role using Terraform


Let's say you have a user that has not been granted permission to do something, such as returning the list of Virtual Private Clouds (VPC). The terraform refresh, terraform output, terraform plan or terraform apply command may then return UnauthorizedOperation: You are not authorized to perform this operation.

Error: reading EC2 VPCs: UnauthorizedOperation: You are not authorized to perform this operation.


One option here is to use assume_role to assume a role that has permission to do whatever it is that you are trying to do, such as listing your Virtual Private Clouds (VPC).

Let's say you have the following files on your Terraform server.

├── required_providers.tf
├── virtual_private_clouds (directory)
│   ├── data.tf
│   ├── outputs.tf
│   ├── provider.tf
│   ├── resources.tf


In provider.tf, you could use assume_role to assume a role that has permission to do whatever it is that you are trying to do, something like this. In this example, the "default" profile in /home/username/.aws/config and /home/username/.aws/credentials is being used. This assumes you have set up Terraform as described in Amazon Web Services (AWS) - Getting Started with Terraform. Two things must already be true on the AWS side for this to work: the role's trust policy must allow the principal behind the "default" profile to assume it, and that principal must itself be allowed to call sts:AssumeRole on the role. If either is missing, Terraform fails at the STS call before it ever reaches the VPC lookup. Also note that because this provider block sets alias, it is not the default provider: every data source or resource that should run under the assumed role has to select it with provider = aws.default (or drop the alias so that this block becomes the default provider), otherwise Terraform silently uses the profile's own credentials and the UnauthorizedOperation error comes back.

provider "aws" {
  alias   = "default"
  profile = "default"       # profile in ~/.aws/config and ~/.aws/credentials
  region  = "us-east-1"     # must be a real region name; "default" is not a valid region

  assume_role {
    # Role that actually holds the permission (here ec2:DescribeVpcs).
    # Terraform calls sts:AssumeRole with the profile's credentials and
    # uses the returned temporary credentials for every API call.
    role_arn = "arn:aws:iam::123456789012:role/my-role"
  }
}
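A fuller version of the setup above, added here as an example and not taken from the original article: the IAM role and the two policies that must exist before the provider block can assume the role, followed by the provider, data source and output that would sit in provider.tf, data.tf and outputs.tf under the virtual_private_clouds directory. The account ID 123456789012 and the role name my-role are the ones used above; the IAM user name terraform, the region us-east-1, the session name and the policy names are assumptions. The IAM part is applied once, separately, by credentials that can manage IAM, because Terraform performs the sts:AssumeRole call at plan time and the role must already exist when the consumer configuration is planned.

```hcl
# Added example, not code from the original article. Account 123456789012
# and role "my-role" come from the article; the user "terraform", the
# region, the session name and the policy names are assumptions.

# ---------- Part 1: applied once by an IAM administrator ----------

# The role Terraform will assume. The trust policy names the IAM user
# behind the "default" profile. Without this trust, sts:AssumeRole is
# denied no matter what the caller's own permissions are.
resource "aws_iam_role" "my_role" {
  name = "my-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { AWS = "arn:aws:iam::123456789012:user/terraform" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# What the role may do: only the read-only call that was failing.
resource "aws_iam_role_policy" "describe_vpcs" {
  name = "describe-vpcs"
  role = aws_iam_role.my_role.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["ec2:DescribeVpcs"]
      Resource = "*"
    }]
  })
}

# The caller must also be allowed to assume the role. Scoping the
# Resource to this one role ARN keeps the user from assuming anything else.
resource "aws_iam_user_policy" "allow_assume" {
  name = "assume-my-role"
  user = "terraform"

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = "sts:AssumeRole"
      Resource = aws_iam_role.my_role.arn
    }]
  })
}

# ---------- Part 2: the virtual_private_clouds configuration ----------

provider "aws" {
  alias   = "assumed"
  profile = "default"
  region  = "us-east-1"

  assume_role {
    role_arn     = "arn:aws:iam::123456789012:role/my-role"
    session_name = "terraform-vpc-lookup" # recorded in CloudTrail for this session
  }
}

# Aliased providers are never used implicitly, so select it explicitly.
data "aws_vpcs" "all" {
  provider = aws.assumed
}

output "vpc_ids" {
  value = data.aws_vpcs.all.ids
}
```

Before running terraform plan, a quick check that the trust and the sts:AssumeRole permission are both in place is to run aws sts assume-role --role-arn arn:aws:iam::123456789012:role/my-role --role-session-name test with the same "default" profile; if that call is denied, Terraform will be denied too.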
