• Docs
  • Cloud Provider Setup
  • AWS

AWS Authentication and Authorization

Terrateam needs permission to access resources in your AWS account.

Credentials are never stored on our servers.

Prerequisites:

Create a Terrateam IAM user

A dedicated IAM user with programmatic credentials is used to access AWS resources.

  1. Create a terrateam IAM user
aws iam create-user --user-name terrateam
  1. Attach the PowerUserAccess IAM policy
aws iam attach-user-policy \
--policy-arn arn:aws:iam::aws:policy/PowerUserAccess \
--user-name terrateam

PowerUserAccess is an AWS managed IAM policy.

This policy provides full access to AWS services and resources, but does not allow management of users and groups.

This IAM policy is merely a suggestion. Choose whichever IAM policy makes the most sense for your organization.

  1. Create an access key for the terrateam user
aws iam create-access-key --user-name terrateam

Record the AccessKeyId and SecretAccessKey to use below.

Add Credentials to GitHub Secrets

Credentials are securely stored in GitHub Secrets and exposed as obfuscated environment variables in the Terrateam GitHub Action runtime environment.

  1. Export your Terraform organization/repo combination as an environment variable.

For example:

export REPO="<OWNER/REPO>"
  1. Create the AWS Access Key ID GitHub Secret
gh secret --repo "$REPO" set AWS_ACCESS_KEY_ID
  1. Create the AWS Secret Access Key GitHub Secret
gh secret --repo "$REPO" set AWS_SECRET_ACCESS_KEY

AWS Terraform Provider

The AWS Terraform provider will detect and use the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY GitHub Secrets automatically set in the Terrateam GitHub Action runtime environment.