vault_aws_secret_backend_role

Creates a role on an AWS Secret Backend for Vault. Roles are used to map credentials to the policies that generated them.

Example Usage

resource "vault_aws_secret_backend" "aws" {
  access_key = "AKIA....."
  secret_key = "AWS secret key"
}

resource "vault_aws_secret_backend_role" "role" {
  backend = "${vault_aws_secret_backend.aws.path}"
  name    = "deploy"

  policy = <<EOT
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:*",
      "Resource": "*"
    }
  ]
}
EOT
}

Argument Reference

The following arguments are supported:

  • backend - (Required) The path the AWS secret backend is mounted at, with no leading or trailing /s.

  • name - (Required) The name to identify this role within the backend. Must be unique within the backend.

  • policy - (Optional) The JSON-formatted policy to associate with this role. Either policy or policy_arn must be specified.

  • policy_arn - (Optional) The ARN for a pre-existing policy to associate with this role. Either policy or policy_arn must be specified.
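
The two ways of attaching permissions described above, as an added example that is not part of the provider documentation: one role with an inline policy limited to specific actions on one resource, and one role that references a pre-existing policy through policy_arn. Credentials issued from a role carry whatever its policy grants, so a role with "iam:*" on "*" issues credentials that can manage IAM itself. The variable names, the bucket name example-deploy-artifacts and the role names are assumptions chosen for illustration.

```hcl
# Added example (not from the provider docs). Assumed names: the two
# variables, the example-deploy-artifacts bucket, and the role names.

# Supplying the backend's root credentials through variables keeps them out
# of version control; they are still written to Terraform state, so the
# state file needs to be protected as a secret.
variable "aws_access_key" {}
variable "aws_secret_key" {}

resource "vault_aws_secret_backend" "aws" {
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
}

# Option 1: inline policy, limited to the actions and the resource that
# the consumer of these credentials needs.
resource "vault_aws_secret_backend_role" "deploy" {
  backend = "${vault_aws_secret_backend.aws.path}"
  name    = "deploy"

  policy = <<EOT
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::example-deploy-artifacts/*"
    }
  ]
}
EOT
}

# Option 2: reference a pre-existing policy by ARN instead of embedding
# JSON. Set policy or policy_arn on a role, not both.
resource "vault_aws_secret_backend_role" "readonly" {
  backend    = "${vault_aws_secret_backend.aws.path}"
  name       = "readonly"
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}
```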

Attributes Reference

No additional attributes are exported by this resource.

© 2018 HashiCorp
Licensed under the MPL 2.0 License.
https://www.terraform.io/docs/providers/vault/r/aws_secret_backend_role.html