vault_aws_secret_backend

Creates an AWS Secret Backend for Vault. AWS secret backends can then issue AWS access keys and secret keys, once a role has been added to the backend.

Example Usage

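# Backend configured with a static access key and secret key.
resource "vault_aws_secret_backend" "aws" {
  access_key = "AKIA....."
  secret_key = "AWS secret key"
}

# Alternative configuration (a separate example, not combined with the one above):
# backend configured with an identity token audience, token TTL and role ARN.
resource "vault_aws_secret_backend" "aws" {
  identity_token_audience = "<TOKEN_AUDIENCE>"
  identity_token_ttl      = "<TOKEN_TTL>"
  role_arn                = "<AWS_ROLE_ARN>"
}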

Argument Reference

The following arguments are supported:

{{ if (eq .Type "STS") }}
    {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
{{ else }}
    {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
{{ end }}
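
The template above can be executed unchanged with Go's text/template to see what the generated names look like and how much of each part survives the `truncate` calls. This is an added example, not code from the provider or from Vault: the bodies of `unix_time`, `random` and `truncate` are assumed stand-ins, and the field values, timestamp and fixed "random" filler are constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"strconv"
	"strings"
	"text/template"
)

// Template text copied from the page.
const usernameTemplate = `{{ if (eq .Type "STS") }}
    {{ printf "vault-%s-%s" (unix_time) (random 20) | truncate 32 }}
{{ else }}
    {{ printf "vault-%s-%s-%s" (printf "%s-%s" (.DisplayName) (.PolicyName) | truncate 42) (unix_time) (random 20) | truncate 64 }}
{{ end }}`

// fields holds the values the template reads (sample values are constructed).
type fields struct{ Type, DisplayName, PolicyName string }

// render executes the template with assumed stand-ins for its helper functions.
func render(f fields, now int64, random func(int) string) (string, error) {
	funcs := template.FuncMap{
		"unix_time": func() string { return strconv.FormatInt(now, 10) },
		"random":    random,
		"truncate": func(n int, s string) string { // piped value arrives last
			if len(s) > n {
				return s[:n]
			}
			return s
		},
	}
	t, err := template.New("username").Funcs(funcs).Parse(usernameTemplate)
	if err != nil {
		return "", err
	}
	var b bytes.Buffer
	if err := t.Execute(&b, f); err != nil {
		return "", err
	}
	return strings.TrimSpace(b.String()), nil
}

func main() {
	filler := func(n int) string { return strings.Repeat("x", n) } // placeholder, not random
	long := fields{Type: "IAM", DisplayName: "token-ci-deploy-pipeline-production", PolicyName: "s3-readonly-artifacts"}
	for _, f := range []fields{{Type: "STS"}, long} {
		u, err := render(f, 1700000000, filler) // constructed timestamp
		fmt.Println(len(u), u, err)
	}
}
```

With a 10-digit timestamp the STS branch keeps 15 of the 20 random characters, and when the display and policy names fill all 42 characters the other branch keeps only 4, which matters when matching these names in AWS logs or relying on them to be unique.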

Attributes Reference

No additional attributes are exported by this resource.

Import

AWS secret backends can be imported using the path, e.g.

$ terraform import vault_aws_secret_backend.aws aws

Tutorials

Refer to the Inject Secrets into Terraform Using the Vault Provider tutorial for a step-by-step usage example.