vault_aws_auth_backend_sts_role

Manages an STS role in a Vault server. STS roles are mappings between account IDs and STS ARNs. When a login attempt is made from an EC2 instance in the account ID specified, the associated STS role will be used to verify the request. For more information, see the Vault documentation.

Important All data provided in the resource configuration will be written in cleartext to state and plan files generated by Terraform, and will appear in the console output when Terraform runs. Protect these artifacts accordingly. See the main provider documentation for more details.

Example Usage

resource "vault_auth_backend" "aws" {
  type = "aws"
}

resource "vault_aws_auth_backend_sts_role" "role" {
  backend    = "${vault_auth_backend.aws.path}"
  account_id = "1234567890"
  sts_role   = "arn:aws:iam::1234567890:role/my-role"
}

Argument Reference

The following arguments are supported:

account_id - (Optional) The AWS account ID to configure the STS role for.
sts_role - (Optional) The STS role to assume when verifying requests made by EC2 instances in the account specified by account_id.
backend - (Optional) The path the AWS auth backend being configured was mounted at. Defaults to aws.

Attributes Reference

No additional attributes are exported by this resource.

© 2018 HashiCorp
Licensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/vault/r/aws_auth_backend_sts_role.html