
This assumes you have installed Terraform, as described at https://learn.hashicorp.com/tutorials/terraform/install-cli?in=terraform/aws-get-started.
Let's say you have the following files in the /usr/local/terraform/aws directory on your Terraform server.
├── caller_identity.tf
├── resources.tf
├── provider.tf
└── required_providers.tf
required_providers.tf will almost always have this.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}
Let's say /home/john.doe/.aws/config contains a profile, something like this.
[profile johndoe]
region = us-east-1
output = json
And /home/john.doe/.aws/credentials contains the johndoe access key and secret key.
[johndoe]
aws_secret_access_key = yK53a123456TYaxPabcdefK2gdO0Pq1123456qmq
aws_access_key_id = AKI12345676GL5ABCDEF
In this scenario, provider.tf could then have something like this.
provider "aws" {
  alias   = "johndoe"
  profile = "johndoe"
  region  = "us-east-1"
}
Or you can point to alternative config and credentials files.
provider "aws" {
  shared_config_files      = ["/usr/local/aws/config"]
  shared_credentials_files = ["/usr/local/aws/credentials"]
  profile                  = "default"
}
Or provider.tf could have the following.
provider "aws" {
  access_key = var.access_key
  secret_key = var.secret_key
  region     = var.region
}
And variables.tf might have something like this.
variable "access_key" {
  description = "access key"
  type        = string
  sensitive   = true
  default     = "ABCDEFG123456789"
}
variable "secret_key" {
  description = "secret key"
  type        = string
  sensitive   = true
  default     = "ABCDEFG123456789ABCDEFG123456789"
}
variable "region" {
  description = "AWS region"
  type        = string
  sensitive   = false
  default     = "us-east-1"
}
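Because sensitive = true only redacts a value from Terraform's output, a default in variables.tf still leaves the key in the configuration files. The following added example (not from the original article) is a shell check that flags such defaults and literal access_key / secret_key values in *.tf files; the function name find_hardcoded_creds and the name patterns it matches are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. The name patterns below are
# assumptions about how credential variables are usually named.

# find_hardcoded_creds DIR: print "file:line: reason" for each hard-coded
# credential in DIR/*.tf. Returns 1 if anything was found, 0 otherwise.
find_hardcoded_creds() {
  local dir hits; dir=$1
  set -- "$dir"/*.tf
  [ -e "$1" ] || return 0            # no .tf files, nothing to report
  hits=$(awk '
    FNR == 1 { cred = 0 }            # reset state at the start of each file
    /^[ \t]*variable[ \t]+"/ {       # entering a variable block: keep its name
      name = $0; sub(/^[^"]*"/, "", name); sub(/".*$/, "", name)
      cred = (name ~ /access_key|secret_key|password|token/)
    }
    /^}/ { cred = 0 }                # a top-level block closed
    cred && /^[ \t]*default[ \t]*=[ \t]*"[^"]+"/ {
      printf "%s:%d: default value on credential variable %s\n", FILENAME, FNR, name
    }
    /^[ \t]*(access_key|secret_key)[ \t]*=[ \t]*"[^"]+"/ {
      printf "%s:%d: literal access_key/secret_key value\n", FILENAME, FNR
    }
  ' "$@")
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# Constructed sample input: the variables.tf pattern shown on this page.
demo() {
  local d rc; d=$(mktemp -d)
  cat > "$d/variables.tf" <<'EOF'
variable "access_key" {
  sensitive = true
  default   = "ABCDEFG123456789"
}
variable "region" {
  default = "us-east-1"
}
EOF
  find_hardcoded_creds "$d"; rc=$?
  rm -rf "$d"
  return "$rc"
}
demo || echo "hard-coded credentials found"
```

With the defaults removed, the same variables can be supplied at run time through the TF_VAR_access_key and TF_VAR_secret_key environment variables.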
And caller_identity.tf could have the following, just to validate that the connection to AWS is being made with the correct profile.
data "aws_caller_identity" "caller-identity" {}
output "caller_identity" {
  value = data.aws_caller_identity.caller-identity
}
Then use terraform init to initialize the AWS provider.
terraform init
And then the terraform plan command can be used, and something like this should be returned.
caller_identity = {
  "account_id" = "123456789012"
  "arn"        = "arn:aws:iam::123456789012:user/johndoe"
  "id"         = "123456789012"
  "user_id"    = "AIABDEFG76GL123456RP"
}