Looking to run Terraform using IAM roles in AWS, removing access/shared keys etc. Am I doing this right? Something feels a bit odd.
So I have my aws_provider.tf:

    provider "aws" {
      region = "${var.aws_region}"
      assume_role {
        role_arn = "${var.aws_terraform_admin_role}"
      }
    }

Unless I actually give my EC2 instance running Terraform that role, it won't work.
Am I missing something here? I am thinking on the AWS side and IAM roles. Shouldn't Terraform be able to assume the IAM role without the EC2 instance being assigned it? Do I need to create another role to allow switching between roles?
Or is this as it should be?
Thanks
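
An added example, not part of the original post: the `assume_role` block makes the provider call `sts:AssumeRole` with whatever base credentials it finds, and on an EC2 instance without keys those come from the instance profile. The sketch below shows a two-role layout in which the instance carries only a low-privilege role that is allowed to assume the admin role. All resource and role names are placeholders, and it uses Terraform 0.12+ expression syntax.

```hcl
# Added example; every name here is a placeholder.

# Trust policy for the low-privilege role: EC2 may use it via an instance profile.
data "aws_iam_policy_document" "ec2_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "terraform_runner" {
  name               = "terraform-runner"
  assume_role_policy = data.aws_iam_policy_document.ec2_trust.json
}

resource "aws_iam_instance_profile" "terraform_runner" {
  name = "terraform-runner"
  role = aws_iam_role.terraform_runner.name
}

# Trust policy for the admin role: only the runner role may assume it.
data "aws_iam_policy_document" "admin_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = [aws_iam_role.terraform_runner.arn]
    }
  }
}

# The admin role's own permissions are attached separately (not shown).
resource "aws_iam_role" "terraform_admin" {
  name               = "terraform-admin"
  assume_role_policy = data.aws_iam_policy_document.admin_trust.json
}

# The runner's only permission: assume the admin role.
resource "aws_iam_role_policy" "runner_assume_admin" {
  name = "assume-terraform-admin"
  role = aws_iam_role.terraform_runner.id
  policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Resource = aws_iam_role.terraform_admin.arn }]
  })
}
```

With this layout the provider's `role_arn` points at the admin role's ARN, while the instance itself holds only the runner role.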