S3 Access User Terraform Configuration
This Terraform configuration creates an IAM user with access keys and assigns a policy for S3 bucket access with KMS encryption capabilities.
Overview
The code provisions the following AWS resources:
- IAM user
- IAM access keys for the user
- IAM policy granting access to a specific S3 bucket with KMS encryption
- Policy attachment to give the user the appropriate permissions
Prerequisites
- Terraform v1.5+
- AWS credentials with permissions to create IAM resources
- AWS CLI configured or environment variables set
Usage
Configure Variables
Review and adjust values in iam.auto.tfvars as needed:
Example configuration
user_name = "obs-external"
create_iam_access_key = true
policy_name = "access-s3-analytics"
policy_path = "/obs/analytics/"
region = "us-east-1"
bucket_arn = "arn:aws:s3:::hahs-s3-example-bucket"
kms_key_arn = "arn:aws:kms:eu-central-1:000000000000:key/xxxxxxx-xxxxxxx-xxxxxxx-xxxxxxx"
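How a policy scoped to exactly one bucket and one KMS key can be written with these variables, as an added example that is not this project's own code. The variable names follow iam.auto.tfvars above; the resource names, the action list and the `kms:ViaService` condition are assumptions.

```hcl
# Added example: variable names match iam.auto.tfvars; the actions are assumed.
variable "policy_name" { type = string }
variable "policy_path" { type = string }
variable "bucket_arn"  { type = string }
variable "kms_key_arn" { type = string }

locals {
  # Region is the 4th field of the key ARN: arn:aws:kms:<region>:<account>:key/<id>
  kms_region = split(":", var.kms_key_arn)[3]
}

data "aws_iam_policy_document" "s3_kms" {
  # Bucket-level actions apply to the bucket ARN itself.
  statement {
    sid       = "ListOnlyThisBucket"
    actions   = ["s3:ListBucket", "s3:GetBucketLocation"]
    resources = [var.bucket_arn]
  }

  # Object-level actions apply to keys under the bucket, never to "*".
  statement {
    sid       = "ObjectReadWrite"
    actions   = ["s3:GetObject", "s3:PutObject"]
    resources = ["${var.bucket_arn}/*"]
  }

  statement {
    sid       = "KmsOnlyThroughS3"
    actions   = ["kms:Decrypt", "kms:GenerateDataKey"]
    resources = [var.kms_key_arn]

    # The key is usable only for requests S3 makes on the user's behalf,
    # not for direct KMS API calls made with the access key.
    condition {
      test     = "StringEquals"
      variable = "kms:ViaService"
      values   = ["s3.${local.kms_region}.amazonaws.com"]
    }
  }
}

resource "aws_iam_policy" "s3_access" {
  name   = var.policy_name
  path   = var.policy_path
  policy = data.aws_iam_policy_document.s3_kms.json
}
```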
Initialize Terraform
Preview changes
Apply Configuration
Danger
Review the displayed plan and type yes to confirm applying the changes.
Retrieve Access Keys
Get only the Access Key ID
Get only the Secret Access Key
Get both values (environment variables)
ENV: Access Key ID + Secret Access Key
terraform output -json | jq -r '"export AWS_ACCESS_KEY_ID=" + .iam_user.value.iam_access_key_id + "\nexport AWS_SECRET_ACCESS_KEY=" + .iam_user.value.iam_access_key_secret'
Get both values (JSON)
JSON: Access Key ID + Secret Access Key
terraform output -json | jq '{access_key: .iam_user.value.iam_access_key_id, secret_key: .iam_user.value.iam_access_key_secret}'
Get both values (.aws/credentials)
AWS Credentials: Access Key ID + Secret Access Key
terraform output -json | jq -r '"aws_access_key_id = " + .iam_user.value.iam_access_key_id + "\naws_secret_access_key = " + .iam_user.value.iam_access_key_secret'
Destroy Configuration
Danger
Review the displayed plan and type yes to confirm destroying the configuration.