{"id":382,"date":"2025-07-01T17:35:18","date_gmt":"2025-07-01T17:35:18","guid":{"rendered":"https:\/\/www.sudeepa.com\/?p=382"},"modified":"2025-07-26T12:13:33","modified_gmt":"2025-07-26T12:13:33","slug":"how-to-set-up-aws-credentials-for-terraform-a-secure-beginner-friendly-guide","status":"publish","type":"post","link":"https:\/\/www.sudeepa.com\/?p=382","title":{"rendered":"How to Set Up AWS Credentials for Terraform: A Secure &amp; Beginner-Friendly Guide"},"content":{"rendered":"\n<p>If you&#8217;re using <strong>Terraform to manage AWS infrastructure<\/strong>, you need to securely configure AWS credentials. Hardcoding credentials in your Terraform files is risky, and manual AWS console setups don\u2019t scale.<\/p>\n\n\n\n<p>In this guide, you\u2019ll learn:<br>1) <strong>How to create an AWS IAM user for Terraform<\/strong><br>2) <strong>Best ways to store AWS credentials securely<\/strong><br>3) <strong>How to configure Terraform to use these credentials<\/strong><br>4) <strong>Security best practices to avoid leaks<\/strong><\/p>\n\n\n\n<p>Before starting, ensure you have:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An <strong>AWS account<\/strong> with admin access (or IAM permissions).<\/li>\n\n\n\n<li><strong>Install terraform<\/strong><\/li>\n\n\n\n<li><strong>Install awscli<\/strong><\/li>\n\n\n\n<li><strong>Configure SSH for AWS<\/strong><\/li>\n\n\n\n<li>Basic familiarity with the <strong>command line<\/strong>.<\/li>\n<\/ul>\n\n\n\n<p><strong>Step 1: Create an AWS IAM User for Terraform<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Go to the AWS IAM Console<\/strong> \u2192 <strong>Users<\/strong> \u2192 <strong>Add User<\/strong>.<\/li>\n\n\n\n<li>Enter a <strong>username<\/strong> (e.g., <code>terraform-user<\/code>).<\/li>\n\n\n\n<li>Attach permissions \n<ul class=\"wp-block-list\">\n<li>For learning: Use the prebuilt <strong>AdministratorAccess<\/strong> policy (full access, but still safer than root).<\/li>\n\n\n\n<li>For production: Restrict to least privilege (e.g., only EC2\/VPC permissions).<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p><strong>Step 2: Generate Access Keys<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Go to the IAM User\u2019s &#8220;Security Credentials&#8221; Tab<\/strong>\n<ul class=\"wp-block-list\">\n<li>Navigate to <strong>AWS IAM Console<\/strong> \u2192 <strong>Users<\/strong> \u2192 Select your Terraform user (e.g., <code>terraform-user<\/code>).<\/li>\n\n\n\n<li>Click the <strong>&#8220;Security credentials&#8221;<\/strong> tab.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Create Access Key<\/strong> <strong>for Programmatic Access<\/strong>\n<ul class=\"wp-block-list\">\n<li>Scroll to <strong>&#8220;Access keys&#8221;<\/strong> \u2192 Click <strong>&#8220;Create access key&#8221;<\/strong>.<\/li>\n\n\n\n<li>Select <strong>&#8220;Command Line Interface (CLI)&#8221;<\/strong> (for Terraform\/AWS CLI usage).<\/li>\n\n\n\n<li>(Optional) Add a description (e.g., &#8220;For Terraform production env&#8221;).<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Save the Credentials Securely<\/strong> &#8211; \u26a0\ufe0f <strong>This is your only chance to save the Secret Access Key!<\/strong> AWS won\u2019t show it again. Click <strong>&#8220;Download .csv file&#8221;<\/strong> or copy-paste to a secure password manager.\n<ul class=\"wp-block-list\">\n<li> AWS will display:\n<ul class=\"wp-block-list\">\n<li>Access Key ID: AKIAXXXXXXXXXXXXXXXX <\/li>\n\n\n\n<li>Secret Access Key: wJalrXUtnFEMI\/K7MDENG\/bPxRfiCYEXAMPLEKEY<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n\n\n\n<p><strong>Step 3: Configure Terraform to Use the Keys<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>You need to create the <strong><code>~\/.aws\/credentials<\/code><\/strong><\/strong> (file in your <strong>home directory<\/strong> e.g., <code><strong>\/home\/username<\/strong><\/code><strong>\/.aws\/<code>credentials<\/code><\/strong> on Linux)<\/li>\n\n\n\n<li><strong><code>credentials<\/code><\/strong> <strong>File Format<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-preformatted\">[default]  # Default profile (used if no profile is specified)\naws_access_key_id = AKIAXXXXXXXXXXXXXXXX\naws_secret_access_key = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n<\/pre>\n\n\n\n<p>3. <strong><code>File Permitions <\/code><\/strong>&#8211; chmod 600 ~\/.aws\/credentials<br>4. <strong>AWS directory structure<\/strong><br>\u251c\u2500\u2500 .aws\/                  # For AWS credentials\/CLI settings (NOT Terraform files)<br>\u2502   \u251c\u2500\u2500 credentials        # IAM user keys (never root!)<br>\u2502   \u2514\u2500\u2500 config             # Optional: AWS region\/cli settings<br>\u2502<br>\u2514\u2500\u2500 your-terraform-project\/  # Your Terraform project directory<br>    \u251c\u2500\u2500 main.tf            # Terraform configuration<br>    \u251c\u2500\u2500 variables.tf       # Input variables<br>    \u2514\u2500\u2500 outputs.tf         # Output definitions<\/p>\n\n\n\n<p><strong>Step 4: <strong>Create Teffaform file main.tf inside your project directory<\/strong><\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong><strong>main.tf <\/strong>File Format<\/strong><\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-preformatted\">provider \"aws\" {<br>  region = \"ap-southeast-1\" #add your region<br>}<br><br>variable \"instance_state\" {<br>  type    = string<br>  default = \"running\"  # Default state (other option: \"stopped\")<br>}<br><br>resource \"aws_instance\" \"samplename\" {<br>  ami           = \"ami-043ad2fe3dbb3e055\"  # add your AMI ID <br>  instance_type = \"t2.micro\" #add your instance type<br>  key_name      = \"samplekey\" #add your key pair name<br>  tags = {<br>    Name = \"Example-Web-Server-Name\"<br>        instance_state = var.instance_state  # Apply state dynamically<br>  }<br>}<br>output \"instance_ips\" {<br>  value = aws_instance.samplename[*].public_ip<br>}<br><br><\/pre>\n\n\n\n<p><strong>Step 4: <strong>Run: <\/strong>Initialize Terraform (downloads AWS provider)<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">terraform init   # Initialize Terraform<br>terraform plan   # Check execution plan<br>terraform apply  # Create resources<\/pre>\n\n\n\n<p style=\"font-size:16px\">Congratulations! \ud83c\udf89 You\u2019ve just mastered the <strong>secure way<\/strong> to set up AWS credentials for Terraform.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you&#8217;re using Terraform to manage AWS infrastructure, you need to securely configure AWS credentials. Hardcoding credentials in your Terraform files is risky, and manual AWS console setups don\u2019t scale. In this guide, you\u2019ll learn:1) How to create an AWS IAM user for Terraform2) Best ways to store AWS credentials securely3) How to configure Terraform<\/p>\n","protected":false},"author":1,"featured_media":383,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[34,33],"class_list":["post-382","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops","tag-aws","tag-terraform"],"_links":{"self":[{"href":"https:\/\/www.sudeepa.com\/index.php?rest_route=\/wp\/v2\/posts\/382","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sudeepa.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sudeepa.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sudeepa.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sudeepa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=382"}],"version-history":[{"count":8,"href":"https:\/\/www.sudeepa.com\/index.php?rest_route=\/wp\/v2\/posts\/382\/revisions"}],"predecessor-version":[{"id":396,"href":"https:\/\/www.sudeepa.com\/index.php?rest_route=\/wp\/v2\/posts\/382\/revisions\/396"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.sudeepa.com\/index.php?rest_route=\/wp\/v2\/media\/383"}],"wp:attachment":[{"href":"https:\/\/www.sudeepa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=382"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sudeepa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=382"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sudeepa.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=382"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}