使用IAM角色的Terraform承担

本文介绍了使用IAM角色的Terraform承担的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我一直在使用带有Terraform的访问/秘密密钥在AWS中创建/管理我们的基础架构.但是，我正在尝试改为使用IAM角色.我应该能够在我的帐户中使用一个角色，并在另一个帐户中承担该角色，并且应该能够在另一个帐户中进行计划，应用等以建立基础.有什么想法，请提出建议.

I have been using access/secret keys with terraform to create/manage our infrastructure in AWS. However, I am trying to switch to using IAM role instead. I should be able to use a role in my account and assume the role in another account and should be able to run plan, apply etc to build infra in the other account. Any ideas, please suggest.

到目前为止，我正在测试 www.terraform.io/docs/providers/aws/，但是由于某些原因，它对我不起作用，或者说明对我来说并不明确.

So far, I am testing with www.terraform.io/docs/providers/aws/, but for some reason, it is not working for me or the instructions are not clear to me.

推荐答案

获取要担任的角色的完整ARN.在您的提供商配置中，将'assume_role'块与ARN一起使用: www.terraform.io/docs/providers/aws/index.html#assume_role

Get the full ARN for the role you want to assume. In your provider config use the 'assume_role' block with the ARN: www.terraform.io/docs/providers/aws/index.html#assume_role

provider "aws" region = "<whatever region>" assume_role { role_arn = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME" } }