Looking to run Terraform using IAM roles in AWS, removing access/shared keys, etc. Am I doing this right? Something feels a bit odd.

So I have my aws_provider.tf:

provider "aws" {
  region = "${var.aws_region}"

  # Credentials come from the instance; Terraform then calls sts:AssumeRole
  # on this role and uses the returned temporary credentials for every API call.
  assume_role {
    role_arn = "${var.aws_terraform_admin_role}"
  }
}

Unless I actually give my EC2 instance running Terraform that role, it won't work.

Am I missing something here? I am thinking on the AWS side and IAM roles. Shouldn't Terraform be able to assume the IAM role without the EC2 instance being assigned it? Do I need to create another role to allow switching between roles?

Or is this as it should be?

Thanks

1 Answer


Your EC2 instance needs an instance role that gives it rights to assume the role you want to use for Terraform. For example:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement11111",
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "arn:aws:iam::11111111111:role/TerraformRole"
        }
    ]
}
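The permission policy in the answer is only half of the role-switching setup: AWS also evaluates the trust policy of the role being assumed, so TerraformRole must list the instance role as a trusted principal or the sts:AssumeRole call is denied even though the instance role is allowed to make it. The following is an added example, not code from the question or the answer, that builds both sides with Terraform 0.12+ syntax. The names tf-runner and TerraformRole, the admin policy attachment, and the region default are assumptions for illustration.

```hcl
# Added example: instance role + instance profile + the target role's trust policy.
# Apply this once with bootstrap credentials; the provider below cannot assume a
# role that does not exist yet. Names here (tf-runner, TerraformRole) are assumed.

variable "aws_region" {
  default = "eu-west-1" # assumed default
}

provider "aws" {
  region = var.aws_region
}

# 1. The role the EC2 instance carries via its instance profile.
#    Trust policy: only the EC2 service may assume it (that is how instance
#    credentials are issued).
data "aws_iam_policy_document" "runner_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "runner" {
  name               = "tf-runner"
  assume_role_policy = data.aws_iam_policy_document.runner_trust.json
}

# Attach this profile to the instance (aws_instance.iam_instance_profile).
resource "aws_iam_instance_profile" "runner" {
  name = "tf-runner"
  role = aws_iam_role.runner.name
}

# The instance role's ONLY permission: assume TerraformRole. Everything else
# (creating resources, reading state buckets) lives on TerraformRole, so a
# compromised instance gains nothing it cannot already get by switching role.
data "aws_iam_policy_document" "runner_permissions" {
  statement {
    sid       = "AllowSwitchToTerraformRole"
    actions   = ["sts:AssumeRole"]
    resources = [aws_iam_role.terraform.arn]
  }
}

resource "aws_iam_role_policy" "runner_permissions" {
  role   = aws_iam_role.runner.id
  policy = data.aws_iam_policy_document.runner_permissions.json
}

# 2. The role Terraform actually runs as. Its trust policy names the instance
#    role; without this entry the AssumeRole call from the instance is denied
#    regardless of the permission policy above.
data "aws_iam_policy_document" "terraform_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = [aws_iam_role.runner.arn]
    }
  }
}

resource "aws_iam_role" "terraform" {
  name               = "TerraformRole"
  assume_role_policy = data.aws_iam_policy_document.terraform_trust.json
}

# Assumed for the example: scope this down to what your Terraform code manages.
resource "aws_iam_role_policy_attachment" "terraform_permissions" {
  role       = aws_iam_role.terraform.name
  policy_arn = "arn:aws:iam::aws:policy/AdministratorAccess"
}

# Value to feed the instance's provider block as var.aws_terraform_admin_role.
output "terraform_role_arn" {
  value = aws_iam_role.terraform.arn
}
```

To check the chain from the instance before running Terraform: `aws sts get-caller-identity` should report an ARN under `assumed-role/tf-runner/...`, and `aws sts assume-role --role-arn <terraform_role_arn> --role-session-name check` should return temporary credentials. If the first succeeds and the second fails with AccessDenied, the trust policy on TerraformRole is the usual culprit, not the instance role's permissions.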