Creates a static role for AWS Secret Backend for Vault.
resource "vault_aws_secret_backend" "aws" {
  path        = "my-aws"
  description = "Obtain AWS credentials."
}

resource "vault_aws_secret_backend_static_role" "role" {
  backend         = vault_aws_secret_backend.aws.path
  name            = "test"
  username        = "my-test-user"
  rotation_period = "3600"
}
The following arguments are supported:
namespace - (Optional) The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
backend - (Optional) The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to aws.
name - (Required) The name to identify this role within the backend. Must be unique within the backend.
username - (Required) The username of the existing AWS IAM user to manage password rotation for.
rotation_period - (Required) How often Vault should rotate the password of the user entry.
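The arguments above can be driven from a map so that several static roles share one backend, with the documented constraints checked at plan time. This is an added example, not part of the provider's documentation: the variable names, the `managed` resource label, and the 86400 ceiling are assumptions (the ceiling is a sample local policy that assumes `rotation_period` is in seconds), and `startswith`/`endswith` assume Terraform 1.3 or later.

```hcl
# Added example: hypothetical variable and resource names.
variable "aws_backend_path" {
  type        = string
  default     = "aws"
  description = "Mount path of the AWS secret backend."

  validation {
    # The backend path must not begin or end with "/".
    condition     = !startswith(var.aws_backend_path, "/") && !endswith(var.aws_backend_path, "/")
    error_message = "Backend path must not begin or end with a forward slash."
  }
}

variable "static_users" {
  # Map keys become role names, so uniqueness within the backend is guaranteed.
  description = "Vault role name => existing IAM username and rotation period."
  type = map(object({
    username        = string
    rotation_period = number
  }))

  validation {
    # Assumed local policy: rotate at least once every 24 hours (86400 seconds).
    condition = alltrue([
      for r in values(var.static_users) :
      r.rotation_period > 0 && r.rotation_period <= 86400
    ])
    error_message = "Each rotation_period must be between 1 and 86400."
  }
}

resource "vault_aws_secret_backend" "aws" {
  path        = var.aws_backend_path
  description = "Obtain AWS credentials."
}

resource "vault_aws_secret_backend_static_role" "managed" {
  for_each = var.static_users

  backend         = vault_aws_secret_backend.aws.path
  name            = each.key
  username        = each.value.username
  rotation_period = each.value.rotation_period
}
```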
No additional attributes are exported by this resource.
AWS secret backend static roles can be imported using the full path to the role, of the form <mount_path>/static-roles/<role_name>, e.g.
$ terraform import vault_aws_secret_backend_static_role.role aws/static-roles/example-role