AWS Authentication and Authorization
Terrateam needs permission to access resources in your AWS account.
Credentials are never stored on our servers.
A dedicated IAM user with programmatic credentials is used to access AWS resources.
- Create a terrateam IAM user
aws iam create-user --user-name terrateam
- Attach the PowerUserAccess IAM policy
aws iam attach-user-policy \
  --policy-arn arn:aws:iam::aws:policy/PowerUserAccess \
  --user-name terrateam
PowerUserAccess is an AWS managed IAM policy.
This policy provides full access to AWS services and resources, but does not allow management of users and groups.
This IAM policy is merely a suggestion. Choose whichever IAM policy makes the most sense for your organization.
- Create an access key for the terrateam user
aws iam create-access-key --user-name terrateam
Note the AccessKeyId and SecretAccessKey to use below.
Credentials are securely stored in GitHub Secrets and exposed as obfuscated environment variables in the Terrateam GitHub Action runtime environment.
- Export your Terraform organization/repo combination as the REPO environment variable.
- Create the AWS Access Key ID GitHub Secret
gh secret --repo "$REPO" set AWS_ACCESS_KEY_ID
- Create the AWS Secret Access Key GitHub Secret
gh secret --repo "$REPO" set AWS_SECRET_ACCESS_KEY
The AWS Terraform provider will detect and use the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY GitHub Secrets automatically set in the Terrateam GitHub Action runtime environment.
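
The key-creation and secret-storage steps above can be combined so the credential is piped from `aws` straight into `gh` without being displayed or copied by hand. This is an added example, not part of the Terrateam documentation; the function name `store_terrateam_key` is hypothetical, and it assumes `aws` and `gh` are installed and already authenticated.

```shell
# Added example. Assumes aws and gh are installed and authenticated.
# store_terrateam_key is a hypothetical helper name.
store_terrateam_key() {
  repo=$1
  user=${2:-terrateam}

  # Validate organization/repo before a key is minted, so a typo cannot
  # leave an unused long-lived key behind.
  case $repo in
    '' | /* | */ | */*/* | *[!A-Za-z0-9._/-]*)
      echo "REPO must look like organization/repo" >&2; return 2 ;;
    */*) ;;
    *) echo "REPO must look like organization/repo" >&2; return 2 ;;
  esac

  # One line of output: AccessKeyId<TAB>SecretAccessKey
  creds=$(aws iam create-access-key --user-name "$user" \
            --query 'AccessKey.[AccessKeyId,SecretAccessKey]' \
            --output text) || return 1
  key_id=${creds%%[[:space:]]*}
  secret=${creds##*[[:space:]]}
  if [ -z "$key_id" ] || [ "$key_id" = "$creds" ]; then
    echo "unexpected create-access-key output" >&2
    unset creds secret
    return 1
  fi

  # printf is a shell builtin and gh reads the value from stdin, so the
  # secret is never placed on a command line or echoed to the terminal.
  if printf '%s' "$key_id" | gh secret --repo "$repo" set AWS_ACCESS_KEY_ID &&
     printf '%s' "$secret" | gh secret --repo "$repo" set AWS_SECRET_ACCESS_KEY
  then
    unset creds secret
    return 0
  fi

  # Storing failed: remove the key rather than leave it active and untracked.
  unset creds secret
  aws iam delete-access-key --user-name "$user" --access-key-id "$key_id" ||
    echo "could not delete access key $key_id; remove it manually" >&2
  return 1
}
```

Call it as `store_terrateam_key "$REPO"` after the user and policy steps; it replaces the separate create-access-key and `gh secret` steps.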