If you’re using Terraform to manage AWS infrastructure, you need to securely configure AWS credentials. Hardcoding credentials in your Terraform files is risky, and manual AWS console setups don’t scale.
In this guide, you’ll learn:
1) How to create an AWS IAM user for Terraform
2) Best ways to store AWS credentials securely
3) How to configure Terraform to use these credentials
4) Security best practices to avoid leaks
Before starting, ensure you have:
- An AWS account with admin access (or IAM permissions sufficient to create users and access keys).
- Terraform installed.
- The AWS CLI installed.
- An EC2 key pair configured for SSH access to your instances.
- Basic familiarity with the command line.
Step 1: Create an AWS IAM User for Terraform
- Go to the AWS IAM Console → Users → Add User.
- Enter a username (e.g., terraform-user).
- Attach permissions:
  - For learning: use the prebuilt AdministratorAccess policy (full access, but still safer than using the root account).
  - For production: restrict to least privilege (e.g., only the EC2/VPC permissions your configuration actually needs).
Step 2: Generate Access Keys
- Open the IAM user’s “Security credentials” tab:
  - Navigate to AWS IAM Console → Users → select your Terraform user (e.g., terraform-user).
  - Click the “Security credentials” tab.
- Create an access key for programmatic access:
  - Scroll to “Access keys” → click “Create access key”.
  - Select “Command Line Interface (CLI)” (for Terraform/AWS CLI usage).
  - (Optional) Add a description (e.g., “For Terraform production env”).
- Save the credentials securely. ⚠️ This is your only chance to save the Secret Access Key; AWS won’t show it again. Click “Download .csv file” or copy it into a secure password manager.
- AWS will display:
  - Access Key ID: AKIAXXXXXXXXXXXXXXXX
  - Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
Step 3: Configure Terraform to Use the Keys
1. Create the credentials file
You need to create the ~/.aws/credentials file in your home directory (e.g., /home/username/.aws/credentials on Linux). Terraform’s AWS provider reads this file automatically, so no keys need to appear in your .tf files.
2. File format
# Default profile (used if no profile is specified)
[default]
aws_access_key_id = AKIAXXXXXXXXXXXXXXXX
aws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
3. File permissions
chmod 600 ~/.aws/credentials
4. AWS directory structure
4. AWS directory structure
├── .aws/ # For AWS credentials/CLI settings (NOT Terraform files)
│ ├── credentials # IAM user keys (never root!)
│ └── config # Optional: AWS region/cli settings
│
└── your-terraform-project/ # Your Terraform project directory
├── main.tf # Terraform configuration
├── variables.tf # Input variables
└── outputs.tf # Output definitions
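As an added example that is not part of the original guide, the following POSIX shell script performs this step for a named profile rather than [default]: it creates ~/.aws with owner-only access, writes the credentials and config files with a restrictive umask so they are never world-readable even for an instant, and includes a check you can run afterwards to confirm the mode is 600 and the profile section exists. The profile name terraform, the region, and the key values are assumptions for the example; real keys come from Step 2.

```shell
#!/bin/sh
# Added example (not from the original guide): write a named AWS profile for
# Terraform with owner-only permissions and verify the result afterwards.
# Profile name, region and the example key values are assumptions.

# write_aws_profile <aws_dir> <profile> <access_key_id> <secret_access_key> <region>
write_aws_profile() {
    aws_dir=$1; profile=$2; key_id=$3; secret=$4; region=$5

    # Create the directory with owner-only access before any secret touches disk.
    mkdir -p "$aws_dir"
    chmod 700 "$aws_dir"

    # umask 077 makes new files 0600 at creation time, so there is no window in
    # which another local user could read the secret.
    (
        umask 077
        printf '[%s]\naws_access_key_id = %s\naws_secret_access_key = %s\n' \
            "$profile" "$key_id" "$secret" >> "$aws_dir/credentials"
        printf '[profile %s]\nregion = %s\noutput = json\n' \
            "$profile" "$region" >> "$aws_dir/config"
    )
    # If the files already existed with looser permissions, tighten them now.
    chmod 600 "$aws_dir/credentials" "$aws_dir/config"
}

# file_mode <path>: print the octal permission bits (GNU stat first, BSD fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%OLp' "$1"
}

# check_aws_profile <aws_dir> <profile>: return 0 if the credentials file is
# mode 600 and both the credentials and config sections exist, 1 otherwise.
check_aws_profile() {
    aws_dir=$1; profile=$2
    [ "$(file_mode "$aws_dir/credentials")" = "600" ] || return 1
    grep -q "^\[$profile\]" "$aws_dir/credentials" || return 1
    grep -q "^\[profile $profile\]" "$aws_dir/config" || return 1
}

# Usage (values are placeholders, not real keys):
#   write_aws_profile "$HOME/.aws" terraform AKIAXXXXXXXXXXXXXXXX 'your-secret-here' ap-southeast-1
#   check_aws_profile "$HOME/.aws" terraform && echo "profile ok"
```

Terraform picks up a named profile through the AWS provider’s profile argument or the AWS_PROFILE environment variable; when neither is set, the [default] section shown in the file format above is used. Running check_aws_profile after any edit to the file catches a credentials file that has silently become readable by other users.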
Step 4: Create the Terraform file main.tf inside your project directory
- main.tf file format (note that no credentials appear here; the provider reads them from ~/.aws/credentials):
provider "aws" {
  region = "ap-southeast-1" # add your region
}

variable "instance_state" {
  type    = string
  default = "running" # Desired state recorded in a tag (other option: "stopped")
}

resource "aws_instance" "samplename" {
  ami           = "ami-043ad2fe3dbb3e055" # add your AMI ID
  instance_type = "t2.micro"              # add your instance type
  key_name      = "samplekey"             # add your key pair name
  tags = {
    Name           = "Example-Web-Server-Name"
    instance_state = var.instance_state # Metadata only: a tag does not start or stop the instance
  }
}

output "instance_ips" {
  value = aws_instance.samplename[*].public_ip # [*] on a single resource yields a one-element list
}
Step 5: Run Terraform (terraform init downloads the AWS provider)
terraform init  # Initialize Terraform and download the AWS provider
terraform plan  # Review the execution plan
terraform apply # Create the resources
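The whole point of Steps 3 and 4 is that main.tf carries no keys. As an added example that is not part of the original guide, the following shell script checks that property before a commit: it scans .tf and .tfvars files for AWS access key IDs and for provider access_key/secret_key arguments set to a literal, and a demo function builds a constructed clean project and a constructed leaky project to show both outcomes. The directory layout and sample files are constructed for the example; the key values in the leaky sample are the example values from AWS documentation, not real credentials.

```shell
#!/bin/sh
# Added example (not from the original guide): a pre-commit style scan that
# fails when AWS credentials are hardcoded in Terraform files. The sample
# projects built by demo_scan are constructed for this example.

# POSIX ERE covering two leak shapes:
#  1. an AWS access key ID: 20 uppercase alphanumerics starting with AKIA
#     (long-term key) or ASIA (temporary key);
#  2. the provider's access_key / secret_key arguments set to a quoted literal.
CRED_PATTERN='(AKIA|ASIA)[0-9A-Z]{16}|^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"'

# scan_tf_for_credentials <project_dir>
# Prints file:line:content for every hit; returns 1 if anything was found, else 0.
scan_tf_for_credentials() {
    hits=$(find "$1" -type f \( -name '*.tf' -o -name '*.tfvars' \) \
        -exec grep -nHE "$CRED_PATTERN" {} + 2>/dev/null || true)
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# demo_scan: build one clean and one leaky project in a scratch directory and
# confirm the scan accepts the first and rejects the second. Returns 0 on success.
demo_scan() {
    scratch=$(mktemp -d)
    mkdir -p "$scratch/clean" "$scratch/leaky"

    # Clean: credentials come from ~/.aws/credentials, exactly as in Step 3.
    printf 'provider "aws" {\n  region = "ap-southeast-1"\n}\n' > "$scratch/clean/main.tf"

    # Leaky: keys pasted into the provider block (AWS documentation example values).
    printf 'provider "aws" {\n  region     = "ap-southeast-1"\n  access_key = "AKIAIOSFODNN7EXAMPLE"\n  secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n}\n' \
        > "$scratch/leaky/main.tf"

    clean_ok=1; leaky_ok=1
    scan_tf_for_credentials "$scratch/clean" >/dev/null && clean_ok=0
    scan_tf_for_credentials "$scratch/leaky" >/dev/null || leaky_ok=0
    rm -rf "$scratch"
    [ "$clean_ok" = 0 ] && [ "$leaky_ok" = 0 ]
}

# Run the demo with: sh scan.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo_scan && echo "scan distinguishes clean and leaky projects"
fi
```

In a real project, run scan_tf_for_credentials on the repository root from a pre-commit hook or CI job so a pasted key is rejected before it ever reaches the remote. The access-key pattern also catches keys hidden in .tfvars files, which are easy to commit by accident.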
Congratulations! 🎉 You’ve just mastered the secure way to set up AWS credentials for Terraform.