Reads static role credentials from an AWS secret backend in Vault

```hcl
resource "vault_aws_secret_backend" "aws" {
  path        = "my-aws"
  description = "Obtain AWS credentials."
}

resource "vault_aws_secret_backend_static_role" "role" {
  backend         = vault_aws_secret_backend.aws.path
  name            = "test"
  username        = "my-test-user"
  rotation_period = "3600"
}

# generally, these blocks would be in a different module
data "vault_aws_static_access_credentials" "creds" {
  backend = vault_aws_secret_backend.aws.path
  name    = vault_aws_secret_backend_static_role.role.name
}

# the references must use the same data source type as the data block above
provider "aws" {
  access_key = data.vault_aws_static_access_credentials.creds.access_key
  secret_key = data.vault_aws_static_access_credentials.creds.secret_key
}
```

The following arguments are supported:

* `namespace` - (Optional) The namespace to provision the resource in. The value should not contain leading or trailing forward slashes. The namespace is always relative to the provider's configured namespace. Available only for Vault Enterprise.
* `backend` - (Required) The path to the AWS secret backend to read credentials from, with no leading or trailing `/`s.
* `name` - (Required) The name of the AWS secret backend static role to read credentials from, with no leading or trailing `/`s.

In addition to the arguments above, the following attributes are exported:

* `access_key` - The access key ID associated with the IAM credential.
* `secret_key` - The secret access key associated with the IAM credential.
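
Terraform persists data source attributes in its state, so the `access_key` and `secret_key` exported here are written to wherever the state is stored. The check below is an added example, not part of the provider documentation: it lists the instances of this data source that have credentials saved in a state document, assuming the version 4 state JSON layout and using a constructed sample state.

```python
import json

# Data source type and attribute names come from this page.
DATA_TYPE = "vault_aws_static_access_credentials"
SECRET_ATTRS = ("access_key", "secret_key")


def find_stored_credentials(state):
    """List instances of the data source whose credentials are saved in a
    Terraform state document (assumes the version 4 JSON layout)."""
    findings = []
    for res in state.get("resources", []):
        if res.get("mode") != "data" or res.get("type") != DATA_TYPE:
            continue
        parts = (res.get("module"), "data", res["type"], res["name"])
        address = ".".join(p for p in parts if p)
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            present = [a for a in SECRET_ATTRS if attrs.get(a)]
            if present:
                # Report attribute names only, never the secret values.
                findings.append({"address": address,
                                 "backend": attrs.get("backend"),
                                 "role": attrs.get("name"),
                                 "attributes": present})
    return findings


# Constructed sample state, trimmed to the relevant fields (values are fake).
SAMPLE_STATE = json.loads("""
{"version": 4, "resources": [
  {"mode": "managed", "type": "vault_aws_secret_backend", "name": "aws",
   "instances": [{"attributes": {"path": "my-aws"}}]},
  {"module": "module.app", "mode": "data",
   "type": "vault_aws_static_access_credentials", "name": "creds",
   "instances": [{"attributes": {
     "backend": "my-aws", "name": "test",
     "access_key": "AKIA-CONSTRUCTED-EXAMPLE",
     "secret_key": "constructed-not-a-real-secret"}}]}
]}
""")

if __name__ == "__main__":
    for f in find_stored_credentials(SAMPLE_STATE):
        print(f"{f['address']} (backend={f['backend']}, role={f['role']}): "
              f"state contains {', '.join(f['attributes'])}")
```

Any finding means the state backend needs the same access control and encryption at rest as the Vault path the credentials came from.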