Let's say you have an IAM user that has not been granted permission to do something, such as returning the list of Virtual Private Clouds (VPCs). In that case the terraform refresh, terraform output, terraform plan or terraform apply command may fail with UnauthorizedOperation: You are not authorized to perform this operation.
Error: reading EC2 VPCs: UnauthorizedOperation: You are not authorized to perform this operation.
One option here is to use assume_role to assume a role that has permission to do whatever it is that you are trying to do, such as listing your Virtual Private Clouds (VPC).
Let's say you have the following files on your Terraform server.
├── required_providers.tf
├── virtual_private_clouds (directory)
│ ├── data.tf
│ ├── outputs.tf
│ ├── provider.tf
│ ├── resources.tf
In provider.tf, you can use assume_role to assume a role that has the permission you are missing, something like the block below. In this example the "default" profile in /home/username/.aws/config and /home/username/.aws/credentials supplies the credentials that call sts:AssumeRole; the role must in turn trust that identity. This assumes you have set up Terraform as described in Amazon Web Services (AWS) - Getting Started with Terraform.
provider "aws" {
  alias   = "default"
  profile = "default"      # [default] profile in ~/.aws/config and ~/.aws/credentials
  region  = "us-east-1"    # must be a real region name ("default" is not a valid region)

  assume_role {
    role_arn = "arn:aws:iam::123456789012:role/my-role"   # the role that holds the needed permission
  }
}
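To show what the assume_role approach needs on both sides, here is an added example that is not code from the original article: the role's trust policy and a least-privilege permission policy (applied first, by an identity allowed to manage IAM), followed by the provider and data source that read the VPCs through the role. The account ID 123456789012 and role name my-role are taken from the block above; the trusting principal, the external ID, the provider alias, the session name and the region are assumptions.

```hcl
# Added example, not the article's own code. Account 123456789012 and role
# my-role come from the article; the principal ARN, external ID, alias,
# session name and region are assumptions to be replaced with your own.

# ---- iam/main.tf (applied separately, by an identity permitted to manage IAM)

# Trust policy: only the named identity may assume the role, and only when it
# presents the agreed external ID, which guards against confused-deputy use.
data "aws_iam_policy_document" "trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::123456789012:user/terraform"] # assumed principal
    }
    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      values   = ["example-external-id"] # constructed value
    }
  }
}

resource "aws_iam_role" "vpc_reader" {
  name               = "my-role"
  assume_role_policy = data.aws_iam_policy_document.trust.json
}

# Permission policy: exactly the read the error message complained about.
data "aws_iam_policy_document" "read_vpcs" {
  statement {
    actions   = ["ec2:DescribeVpcs"]
    resources = ["*"] # DescribeVpcs does not support resource-level restriction
  }
}

resource "aws_iam_role_policy" "read_vpcs" {
  name   = "read-vpcs"
  role   = aws_iam_role.vpc_reader.id
  policy = data.aws_iam_policy_document.read_vpcs.json
}

# ---- virtual_private_clouds/provider.tf

provider "aws" {
  alias   = "vpc_reader"   # assumed alias name
  profile = "default"      # [default] profile in ~/.aws/config and ~/.aws/credentials
  region  = "us-east-1"    # assumption: the region your VPCs live in

  assume_role {
    role_arn     = "arn:aws:iam::123456789012:role/my-role"
    session_name = "terraform-vpc-read"   # recorded in CloudTrail for the session
    external_id  = "example-external-id"  # must match the trust policy condition
  }
}

# ---- virtual_private_clouds/data.tf

# Without the provider meta-argument this data source would use the unaliased
# provider (the user's own credentials) and fail with the same error.
data "aws_vpcs" "all" {
  provider = aws.vpc_reader
}

# ---- virtual_private_clouds/outputs.tf

output "vpc_ids" {
  value = data.aws_vpcs.all.ids
}
```

Two points worth checking when this still fails: every resource and data source in the directory that needs the role must carry `provider = aws.<alias>`, because an aliased provider is never selected implicitly; and the AssumeRole call itself is logged in CloudTrail, so a denied `sts:AssumeRole` (trust policy or external ID mismatch) is distinguishable there from a denied `ec2:DescribeVpcs` (permission policy too narrow).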