I'm trying to pass my AWS credentials in Terraform in a secure way. I'm using aws-vault. I've followed the instructions for creating a profile in aws-vault and added my access key and secret. I cannot seem to get the variable syntax right. When I try to run a Terraform command using aws-vault, e.g. aws-vault exec default -- terraform apply -auto-approve, I get the following error:

Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: 8cb2ee-b9ed-4ea5-9f16-ba140d04a4, api error InvalidClientTokenId: The security token included in the request is invalid.

Here is my main.tf file:

provider "aws" {
  region        = "us-east-2"
  access_key    = "$AWS_ACCESS_KEY_ID"
  secret_key    = "$AWS_SECRET_ACCESS_KEY"
}

data "aws_ami" "amazon-linux" {
    most_recent = true
    owners      = ["amazon"]

    filter {
        name   = "name"
        values = ["amzn2-ami-hvm*"]
    }

    filter {
        name   = "root-device-type"
        values = ["ebs"]
    }

    filter {
        name   = "architecture"
        values = ["x86_64"]
    }

    filter {
        name   = "image-type"
        values = ["kernel"]
    }

    filter {
        name   = "virtualization-type"
        values = ["hvm"]
    }
}


resource "aws_instance" "ec2-alb-demo-1" {
    # aws_instance.ami takes the AMI ID string, not the whole data source object
    ami             = data.aws_ami.amazon-linux.id
    instance_type   = "t2.micro"

    tags = {
        Name = "EC2-ALB-Demo-1"
    }
}

I looked at the aws-vault documentation and it doesn't actually show how to reference the environment variables in Terraform. I'm using Windows. I've tried typing it as ${AWS_ACCESS_KEY_ID}, AWS_ACCESS_KEY_ID and $AWS_ACCESS_KEY_ID. I keep getting errors. What's the correct way to reference a variable from aws-vault?

mdailey77

0 Answers
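Added example, not part of the original question: Terraform does not expand shell-style $VAR text inside a quoted string, so the provider block above sends the literal text "$AWS_ACCESS_KEY_ID" as the key, while aws-vault exec already places the credentials in the child process environment, which the AWS provider reads when access_key and secret_key are omitted. The check below flags credential arguments inside provider "aws" blocks and separates unexpanded shell references from hardcoded values. The function names and sample inputs are constructed for illustration, and the regex-based block matching is a simplification, not a full HCL parser.

```python
import re

# Static credential arguments of the AWS provider that should not be set in .tf files.
CRED_ARGS = ("access_key", "secret_key", "token")
# Shell-style references (sh, cmd, PowerShell) that Terraform leaves unexpanded in a string.
SHELL_REF = re.compile(r"^(\$\w+|\$\{\w+\}|%\w+%|\$env:\w+)$")


def provider_blocks(hcl, name="aws"):
    """Yield the body text of each `provider "<name>" { ... }` block."""
    for m in re.finditer(r'provider\s+"%s"\s*\{' % re.escape(name), hcl):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield hcl[m.end():i - 1]


def find_static_credentials(hcl):
    """Return (argument, kind) pairs for credentials set inside provider "aws" blocks."""
    findings = []
    for body in provider_blocks(hcl):
        for arg, value in re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"', body, re.M):
            if arg not in CRED_ARGS:
                continue
            kind = "literal-shell-reference" if SHELL_REF.match(value) else "hardcoded-value"
            findings.append((arg, kind))
    return findings


# Constructed sample mirroring the provider block in the question.
QUESTION_TF = '''
provider "aws" {
  region     = "us-east-2"
  access_key = "$AWS_ACCESS_KEY_ID"
  secret_key = "$AWS_SECRET_ACCESS_KEY"
}
'''

# Constructed sample: no credential arguments, so the provider falls back to the
# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_SESSION_TOKEN environment variables.
FIXED_TF = '''
provider "aws" {
  region = "us-east-2"
}
'''

if __name__ == "__main__":
    print(find_static_credentials(QUESTION_TF))
    print(find_static_credentials(FIXED_TF))
```

A provider block that passes this check with no findings relies on the environment set by aws-vault exec, including the session token that a static access_key/secret_key pair would not carry.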