vault_aws_auth_backend_sts_role

Manages an STS role in a Vault server. STS roles are mappings between account IDs and STS ARNs. When a login attempt is made from an EC2 instance in the specified account, the associated STS role is used to verify the request. For more information, see the Vault documentation.

Example Usage

resource "vault_auth_backend" "aws" {
  type = "aws"
}

resource "vault_aws_auth_backend_sts_role" "role" {
  backend    = vault_auth_backend.aws.path
  account_id = "1234567890"
  sts_role   = "arn:aws:iam::1234567890:role/my-role"
}
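
The following is an added example, not part of the provider's own documentation. It manages one STS mapping per account and rejects, at plan time, any entry whose role ARN belongs to a different account than the one it is mapped to. The variable name, account IDs and role names are constructed placeholders; real AWS account IDs are 12 digits, and the check assumes the standard "aws" partition.

```hcl
# Added example. Account IDs and role names are constructed placeholders.
variable "sts_roles" {
  description = "Map of AWS account ID => IAM role ARN Vault assumes to verify logins from that account."
  type        = map(string)

  default = {
    "111111111111" = "arn:aws:iam::111111111111:role/vault-verify"
    "222222222222" = "arn:aws:iam::222222222222:role/vault-verify"
  }

  # Reject keys that are not 12-digit account IDs.
  validation {
    condition     = alltrue([for id in keys(var.sts_roles) : can(regex("^[0-9]{12}$", id))])
    error_message = "Every key must be a 12-digit AWS account ID."
  }

  # Reject a role ARN that lives in a different account than its key,
  # so Vault never verifies account A's logins with a role from account B.
  # Assumes the standard "aws" partition.
  validation {
    condition = alltrue([
      for id, arn in var.sts_roles :
      can(regex("^arn:aws:iam::${id}:role/.+$", arn))
    ])
    error_message = "Each role ARN must be an IAM role in the account it is mapped to."
  }
}

resource "vault_auth_backend" "aws" {
  type = "aws"
}

# One STS mapping per account, keyed by account ID.
resource "vault_aws_auth_backend_sts_role" "per_account" {
  for_each = var.sts_roles

  backend    = vault_auth_backend.aws.path
  account_id = each.key
  sts_role   = each.value
}
```

Because the resources are keyed by account ID, removing an account from the map removes only that account's mapping on the next apply.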

Argument Reference

The following arguments are supported:

Attributes Reference

No additional attributes are exported by this resource.

Import

AWS auth backend STS roles can be imported using auth/, the backend path, /config/sts/, and the account_id, e.g.

$ terraform import vault_aws_auth_backend_sts_role.example auth/aws/config/sts/1234567890