Terraform + AWS (AssumeRole)
How terraform authenticate to Cloud Providers
Challengs with managing cloud provider credentials
- Statically configured and stored locally on servers
- Hardcoded into system config (CI/CD, environment variable, CLI tools, scripts etc)
- Sprawl of credentials (shared).
- Some of the credentials are over priviledges.
- Long lived credentials, not rotated.
Desire Architecture (Lab-2)
<aside>
💡 Reduce to managing long lived credential (not rotated) as much as possible
</aside>
AWS AssumeRole & Terraform
- What is AWS AssumeRole & STS token?
Creation of AWS IAM Role via Management Console
<aside>
💡 AWS IAM Role, AssumeRole & STS
</aside>
Create Assume Role in AWS-DEV Account
First Go To ⇒ IAM ⇒ Click Create role
