How do I run Terraform with AWS MFA?


Problem

I'm using Terraform with the terraform-provider-aws provider to manage my AWS infrastructure. I'm trying to enable mfa_delete on an S3 bucket, but when I try to apply the change I get this error:

1 error occurred:
        * aws_s3_bucket.logs: 1 error occurred:
        * aws_s3_bucket.logs: Error putting S3 versioning: AccessDenied: Mfa Authentication must be used for this request
        status code: 403, request id: , host id: 


How can I run Terraform in a mode that uses multi-factor authentication? My IAM account has a Virtual MFA device attached, but that MFA isn't used when I'm terraforming because Terraform uses the API Access Key associated with my account.

Solution

The solution is to specify an assume_role statement:

provider "aws" {
  profile = "default"
  assume_role {
    role_arn = "arn:aws:iam::[ACCOUNT_ID]:role/terraform-test-role"
  }
}

Context

StackExchange DevOps Q#11368, answer score: 4
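
One way to give the provider block above MFA-backed credentials, added here as an example (not part of the original answer): fetch a session token with `aws sts get-session-token` and store it in a separate profile. The profile name `terraform-mfa` and the helper function names are assumptions; the provider's `profile` would need to point at that profile so that its `assume_role` call carries the MFA context.

```shell
#!/bin/sh
# Added example: store MFA-backed session credentials in a separate profile.
# "terraform-mfa" is an assumed profile name; the MFA device ARN is supplied by you.

# Accept only a 6-digit TOTP code so typos fail before any API call.
valid_token_code() {
  case "$1" in
    [0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Split the "AccessKeyId SecretAccessKey SessionToken" line that
# `--output text` prints into CRED_KEY, CRED_SECRET and CRED_TOKEN.
split_creds() {
  CRED_KEY= CRED_SECRET= CRED_TOKEN=
  read -r CRED_KEY CRED_SECRET CRED_TOKEN <<EOF
$1
EOF
  [ -n "$CRED_KEY" ] && [ -n "$CRED_SECRET" ] && [ -n "$CRED_TOKEN" ]
}

# Usage: mfa_login <mfa-device-arn> <6-digit-code> [source-profile] [target-profile]
mfa_login() {
  serial=$1 code=$2 src=${3:-default} dst=${4:-terraform-mfa}
  valid_token_code "$code" || { echo "token code must be 6 digits" >&2; return 2; }
  # Long-term keys from the source profile plus the TOTP code yield a session
  # whose requests satisfy aws:MultiFactorAuthPresent conditions.
  out=$(aws sts get-session-token --profile "$src" \
      --serial-number "$serial" --token-code "$code" \
      --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
      --output text) || return 1
  split_creds "$out" || { echo "unexpected STS output" >&2; return 1; }
  aws configure set aws_access_key_id     "$CRED_KEY"    --profile "$dst" &&
  aws configure set aws_secret_access_key "$CRED_SECRET" --profile "$dst" &&
  aws configure set aws_session_token     "$CRED_TOKEN"  --profile "$dst"
}

# Run only when called with arguments, e.g.:
#   sh mfa_login.sh arn:aws:iam::[ACCOUNT_ID]:mfa/<user> 123456
if [ "$#" -ge 2 ]; then mfa_login "$@"; fi
```

The session token expires, so the script has to be re-run with a fresh code before a later `terraform apply`.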
