
Terraform error configuring AWS provider backend issue

Can you use your AWS CLI to connect to your AWS account, for example to list your S3 buckets? Based on the error, I think you didn't configure AWS by running aws configure in your CLI, which requires an access key ID and secret for the setup.

You must configure the AWS credentials in Terraform Cloud. In the Terraform Cloud platform, go to Settings -> Variable Sets -> Create Variable Set, enter a name, check "Apply to all workspaces in this organization" and click the "Add Variable" button. Select the "Environment variable" option and enter key=AWS_ACCESS_KEY_ID and value="Access key ID". The "Access key ID" is the ID from the AWS credential (IAM). Check the "sensitive" checkbox and click the "Add Variable" button. Then repeat this process to add a new environment variable with the key/value pair AWS_SECRET_ACCESS_KEY/Secret access key of the AWS credential. Finally, click the "Create variable set" button. Retry the terraform plan command. See more at https://developer.hashicorp.com/terraform/tutorials/aws-get-started/aws-remote#set-workspace-variables

There is a safe way to authenticate Terraform Cloud with AWS, which avoids secrets entirely:

  1. Create an IAM identity provider
  2. Create an IAM role which trusts that provider
  3. Add two environment variables to Terraform Cloud

1. Create an IAM identity provider:


2. Create an IAM role which trusts that provider:

  • The role includes a trust relationship that looks like this. Replace my-tfc-org with the name of your organization in Terraform, and <aws-account-id> with your AWS account number.

  • Also attach to the role all the permissions your Terraform needs.

{
  "Version": "2012-10-17",
  "Statement": [
    {
       "Effect": "Allow",
       "Principal": {
         "Federated": "arn:aws:iam::<aws-account-id>:oidc-provider/app.terraform.io"
       },
       "Action": "sts:AssumeRoleWithWebIdentity",
       "Condition": {
         "StringEquals": {
            "app.terraform.io:aud": "aws.workload.identity"
         },
         "StringLike": {
            "app.terraform.io:sub": "organization:my-tfc-org:project:*:workspace:*:run_phase:*"
         }
       }
    }
  ]
}

3. Add two environment variables to Terraform Cloud:

The value of TFC_AWS_RUN_ROLE_ARN points to the role you created above:

These can be in the clear.

This answer is a reproduction of the AWS documentation here:

https://aws.amazon.com/blogs/apn/simplify-and-secure-terraform-workflows-on-aws-with-dynamic-provider-credentials/
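The trust policy in the answer above scopes the role through its aud and sub conditions. The following check is an added example, not part of the original answer or the AWS documentation: it models only the StringEquals and StringLike operators, and the sample claims in the usage note are constructed.

```python
import re

ISSUER = "app.terraform.io"  # OIDC provider host used in the policy above

# Condition block copied from the trust policy above (my-tfc-org is the page's placeholder).
CONDITION = {
    "StringEquals": {f"{ISSUER}:aud": "aws.workload.identity"},
    "StringLike": {f"{ISSUER}:sub": "organization:my-tfc-org:project:*:workspace:*:run_phase:*"},
}

def like(pattern, value):
    """IAM StringLike semantics: '*' = any run of characters, '?' = one character, case-sensitive."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.DOTALL) is not None

def token_allowed(condition, claims):
    """Return True only if the token's claims satisfy every operator and key in the block."""
    for op, tests in condition.items():
        if op not in ("StringEquals", "StringLike"):
            raise ValueError(f"operator not modelled in this example: {op}")
        for key, expected in tests.items():
            actual = claims.get(key.split(":", 1)[1])  # "app.terraform.io:sub" -> "sub"
            patterns = expected if isinstance(expected, list) else [expected]
            if actual is None:
                return False
            if op == "StringEquals" and actual not in patterns:
                return False
            if op == "StringLike" and not any(like(p, actual) for p in patterns):
                return False
    return True

def lint(condition):
    """Flag trust conditions that let more than one Terraform Cloud organization assume the role."""
    findings = []
    if f"{ISSUER}:aud" not in condition.get("StringEquals", {}):
        findings.append("aud is not pinned with StringEquals")
    subs = []
    for op in ("StringEquals", "StringLike"):
        value = condition.get(op, {}).get(f"{ISSUER}:sub", [])
        subs += value if isinstance(value, list) else [value]
    if not subs:
        findings.append("sub is not constrained: any organization on the issuer matches")
    for s in subs:
        parts = s.split(":")
        if len(parts) < 2 or parts[0] != "organization" or set("*?") & set(parts[1]):
            findings.append(f"sub pattern does not fix the organization: {s}")
    return findings
```

Calling `lint(CONDITION)` returns an empty list for the policy as written, and `token_allowed(CONDITION, {"aud": "aws.workload.identity", "sub": "organization:other-org:project:p:workspace:w:run_phase:apply"})` returns False, while the same claims pass a condition block that pins only aud.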

I had a similar issue.

To resolve it, first add the backend configuration setting like the following example:

  terraform {
    # Store state and run plans in Terraform Cloud
    backend "remote" {
      hostname     = "app.terraform.io"
      organization = "org-example"

      workspaces {
        name = "my-aws-app"
      }
    }
  }

Then in the terminal do: terraform init -reconfigure

Then go to Terraform Cloud, select your workspace (my-aws-app in my example), and under Variables/Workspace variables select add variables and add AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, making sure you choose environment variable when selecting it on the top.

Then you can go back to the terminal and do

terraform plan

And it should work fine now.
