---
layout: "vault"
page_title: "Vault: vault_aws_auth_backend_sts_role resource"
sidebar_current: "docs-vault-aws-auth-backend-sts-role"
description: |-
  Configures an STS role in the Vault AWS Auth backend.
---
# vault\_aws\_auth\_backend\_sts\_role
Manages an STS role in a Vault server. STS roles are mappings
between account IDs and STS ARNs. When a login attempt is made
from an EC2 instance in the specified account, the associated
STS role is used to verify the request. For more information,
see the [Vault documentation](https://www.vaultproject.io/docs/auth/aws.html#cross-account-access).

~> **Important** All data provided in the resource configuration will be
written in cleartext to state and plan files generated by Terraform, and will
appear in the console output when Terraform runs. Protect these artifacts
accordingly. See [the main provider documentation](../../index.html) for more
details.
## Example Usage
```hcl
resource "vault_auth_backend" "aws" {
  type = "aws"
}

resource "vault_aws_auth_backend_sts_role" "role" {
  backend    = "${vault_auth_backend.aws.path}"
  account_id = "1234567890"
  sts_role   = "arn:aws:iam::1234567890:role/my-role"
}
```
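
An added example, not part of the provider's documentation, that goes beyond the single mapping above: it manages one STS role per account with `for_each` and rejects, at plan time, any mapping whose key is not a 12-digit account ID or whose role ARN belongs to a different account than its key. The variable name `sts_roles`, the resource name `cross_account`, the role name and the account IDs are constructed for illustration, and the validation functions assume Terraform 0.14 or later.

```hcl
# Added example: variable and resource names are hypothetical.
# Map of AWS account ID => ARN of the IAM role Vault assumes in that account.
variable "sts_roles" {
  type = map(string)

  # Constructed sample values (placeholder 12-digit account IDs).
  default = {
    "111111111111" = "arn:aws:iam::111111111111:role/vault-verify"
    "222222222222" = "arn:aws:iam::222222222222:role/vault-verify"
  }

  # Reject keys that are not 12-digit AWS account IDs.
  validation {
    condition = alltrue([
      for id in keys(var.sts_roles) : can(regex("^[0-9]{12}$", id))
    ])
    error_message = "Each key must be a 12-digit AWS account ID."
  }

  # Reject role ARNs whose account field (5th colon-separated part)
  # differs from the account ID they are mapped to. try() turns a
  # malformed ARN into a failed check instead of an index error.
  validation {
    condition = alltrue([
      for id, arn in var.sts_roles : try(split(":", arn)[4], "") == id
    ])
    error_message = "Each sts_role ARN must belong to the account it is mapped to."
  }
}

resource "vault_auth_backend" "aws" {
  type = "aws"
}

# One STS role mapping per entry in var.sts_roles.
resource "vault_aws_auth_backend_sts_role" "cross_account" {
  for_each = var.sts_roles

  backend    = vault_auth_backend.aws.path
  account_id = each.key
  sts_role   = each.value
}
```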
## Argument Reference
The following arguments are supported:
* `account_id` - (Optional) The AWS account ID to configure the STS role for.
* `sts_role` - (Optional) The STS role to assume when verifying requests made
by EC2 instances in the account specified by `account_id`.
* `backend` - (Optional) The path at which the AWS auth backend being
configured is mounted. Defaults to `aws`.
## Attributes Reference
No additional attributes are exported by this resource.