Terraform scripts throw "Invalid AWS Region: {var.AWS_REGION}"

When I run "terraform apply" I am getting the following error. I made sure my AMI is in the us-west-1 region.
Not sure what else could be the problem.
PS C:\terraform> terraform apply
Error: Invalid AWS Region: {var.AWS_REGION}
terraform.tfvars file
AWS_ACCESS_KEY="zzz"
AWS_SECRET_KEY="zzz"
provider.tf file
provider "aws"{
access_key = "{var.AWS_ACCESS_KEY}"
secret_key = "{var.AWS_SECRECT_KEY}"
region = "{var.AWS_REGION}"
}
vars.tf file
variable "AWS_ACCESS_KEY" {}
variable "AWS_SECRET_KEY" {}
variable "AWS_REGION" {
default = "us-west-1"
}
variable "AMIS"{
type = map(string)
default ={
us-west-1 = "ami-0948be9af4ee55d19"
}
}
instance.tf
resource "aws_instance" "example"{
ami = "lookup(var.AMIS,var.AWS_REGION)"
instance_type = "t2.micro"
}

You are literally passing the strings "{var.AWS_ACCESS_KEY}", "{var.AWS_SECRET_KEY}" and "{var.AWS_REGION}" to the provider.
Try this if you are using terraform 12+:
provider "aws"{
access_key = var.AWS_ACCESS_KEY
secret_key = var.AWS_SECRET_KEY
region = var.AWS_REGION
}
If you are using terraform older than 0.12 then it should be set like this using the $ sign.
# Terraform 0.11 and earlier: the ${...} interpolation must sit inside a quoted string
provider "aws" {
  access_key = "${var.AWS_ACCESS_KEY}"
  secret_key = "${var.AWS_SECRET_KEY}"
  region     = "${var.AWS_REGION}"
}
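The 0.12+ fix applied to the whole configuration from the question, as an added example that is not part of the original answer. It also unquotes the `lookup()` call in instance.tf, which the question passes as a literal string in the same way; `sensitive` (Terraform 0.14+) and the `validation` block (0.13+) are additions assumed here, not something the answer requires.

```hcl
# vars.tf
variable "AWS_ACCESS_KEY" {
  type      = string
  sensitive = true # redacted in plan/apply output (assumes Terraform 0.14+)
}

variable "AWS_SECRET_KEY" {
  type      = string
  sensitive = true
}

variable "AWS_REGION" {
  type    = string
  default = "us-west-1"

  # Added check (assumes Terraform 0.13+): rejects a malformed region value,
  # such as a typo or stray placeholder text in a tfvars file, at plan time.
  validation {
    condition     = can(regex("^[a-z]{2}(-[a-z]+)+-[0-9]+$", var.AWS_REGION))
    error_message = "AWS_REGION must look like a region name, for example us-west-1."
  }
}

variable "AMIS" {
  type = map(string)
  default = {
    us-west-1 = "ami-0948be9af4ee55d19"
  }
}

# provider.tf
provider "aws" {
  access_key = var.AWS_ACCESS_KEY
  secret_key = var.AWS_SECRET_KEY
  region     = var.AWS_REGION
}

# instance.tf
resource "aws_instance" "example" {
  # An expression, not a quoted string: quoted, the AMI id would be the
  # literal text "lookup(var.AMIS,var.AWS_REGION)".
  ami           = lookup(var.AMIS, var.AWS_REGION)
  instance_type = "t2.micro"
}
```

The two key variables can also be supplied as `TF_VAR_AWS_ACCESS_KEY` and `TF_VAR_AWS_SECRET_KEY` environment variables instead of being stored in terraform.tfvars.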

Related

How to Configure Terraform AWS Provider?

I'm trying to create an EC2 instance as mentioned in Terraform documentation.
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"
}
}
}
provider "aws" {
access_key = "Acxxxxxxxxxxxxxxxxx"
secret_key = "UxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxO"
region = "ap-south-1"
}
resource "aws_instance" "app_server" {
ami = "ami-076e3a557efe1aa9c"
instance_type = "t2.micro"
tags = {
Name = "ExampleAppServerInstance"
}
}
But I am facing this issue: error configuring Terraform AWS Provider: loading configuration: credential type source_profile profile default.
I have tried the export command and configuring the default profile, but nothing works for me.
What am I doing wrong here?
I removed .terraform and lock.hcl and tried a fresh terraform init.
Thanks for this question.
I'd rather go with the following:
Configure AWS profile:
aws configure
or
vim ~/.aws/config
and then
vim ~/.aws/credentials
Write a new profile name or the default as follows:
~/.aws/config
[default]
region = us-east-1
output = json
[profile TERRAFORM]
region=us-east-1
output=json
~/.aws/credentials
# Sitech
[default]
aws_access_key_id = A****
aws_secret_access_key = B*********
[TERRAFORM]
aws_access_key_id = A****
aws_secret_access_key = B*********
Use terraform provider profile term rather than access key and secret access key
main.tf
provider "aws" {
profile = var.aws_profile
region = var.main_aws_region
}
terraform.tfvars
aws_profile = "TERRAFORM"
main_aws_region = "us-east-1"

How to inherit aws credentials from terraform in local-exec provisioner

I have a resource in terraform that I need to run an AWS command on after it is created. But I want it to run using the same AWS credentials that terraform is using. The AWS provider is using a profile which it then uses to assume a role:
provider "aws" {
profile = "terraform"
assume_role {
role_arn = local.my_arn
}
}
I had hoped that terraform would expose the necessary environment variables, but that doesn't seem to be the case. What is the best way to do this?
Could you use role assumption via the AWS configuration? Doc: Using an IAM Role in the AWS CLI
~/.aws/config:
[user1]
aws_access_key_id = ACCESS_KEY
aws_secret_access_key = SECRET_KEY
[test-assume]
role_arn = arn:aws:iam::123456789012:role/test-assume
source_profile = user1
main.tf:
provider "aws" {
profile = var.aws_profile
version = "~> 2.0"
region = "us-east-1"
}
variable "aws_profile" {
default = "test-assume"
}
resource "aws_instance" "instances" {
ami = "ami-009d6802948d06e52"
instance_type = "t2.micro"
subnet_id = "subnet-002df68a36948517c"
provisioner "local-exec" {
command = "aws sts get-caller-identity --profile ${var.aws_profile}"
}
}
If you can't, here's a really messy way of doing it. I don't particularly recommend this method, but it will work. This has a dependency on jq, but you could also use something else to parse the output from the aws sts assume-role command.
main.tf:
provider "aws" {
profile = var.aws_profile
version = "~> 2.0"
region = "us-east-1"
assume_role {
role_arn = var.assume_role
}
}
variable "aws_profile" {
default = "default"
}
variable "assume_role" {
default = "arn:aws:iam::123456789012:role/test-assume"
}
resource "aws_instance" "instances" {
ami = "ami-009d6802948d06e52"
instance_type = "t2.micro"
subnet_id = "subnet-002df68a36948517c"
provisioner "local-exec" {
command = "aws sts assume-role --role-arn ${var.assume_role} --role-session-name Testing --profile ${var.aws_profile} --output json > test.json && export AWS_ACCESS_KEY_ID=`jq -r '.Credentials.AccessKeyId' test.json` && export AWS_SECRET_ACCESS_KEY=`jq -r '.Credentials.SecretAccessKey' test.json` && export AWS_SESSION_TOKEN=`jq -r '.Credentials.SessionToken' test.json` && aws sts get-caller-identity && rm test.json && unset AWS_ACCESS_KEY_ID && unset AWS_SECRET_ACCESS_KEY && unset AWS_SESSION_TOKEN"
}
}
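A variant of the assume-role provisioner above that keeps the temporary credentials in shell variables instead of writing them to test.json, and needs no jq. This is an added example, not the answerer's code; the environment variable names `ROLE_ARN` and `SRC_PROFILE` are made up for the illustration, and bash is assumed to be available at /bin/bash.

```hcl
variable "aws_profile" {
  default = "default"
}

variable "assume_role" {
  default = "arn:aws:iam::123456789012:role/test-assume"
}

provider "aws" {
  profile = var.aws_profile
  region  = "us-east-1"

  assume_role {
    role_arn = var.assume_role
  }
}

resource "aws_instance" "instances" {
  ami           = "ami-009d6802948d06e52"
  instance_type = "t2.micro"
  subnet_id     = "subnet-002df68a36948517c"

  provisioner "local-exec" {
    interpreter = ["/bin/bash", "-c"]

    # Hypothetical variable names. Inputs reach the script through the
    # environment, so nothing is interpolated into the shell command line.
    environment = {
      ROLE_ARN    = var.assume_role
      SRC_PROFILE = var.aws_profile
    }

    # $VAR and $(...) pass through to bash untouched; only a dollar sign
    # followed by an opening brace would be read as Terraform interpolation.
    command = <<-EOT
      set -euo pipefail
      # --query with --output text prints the three values on one tab-separated line.
      creds=$(aws sts assume-role --role-arn "$ROLE_ARN" \
        --role-session-name Testing --profile "$SRC_PROFILE" \
        --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
        --output text)
      read -r AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN <<< "$creds"
      export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
      # Runs as the assumed role; the credentials end with this shell process.
      aws sts get-caller-identity
    EOT
  }
}
```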

Add an `aws_acm_certificate` resource to a terraform file causes terraform to ignore vars

Using the aws_acm_certificate resources makes terraform ignore provided variables.
Here's a simple terraform file:
variable "aws_access_key_id" {}
variable "aws_secret_key" {}
variable "region" { default = "us-west-1" }
provider "aws" {
alias = "prod"
region = "${var.region}"
access_key = "${var.aws_access_key_id}"
secret_key = "${var.aws_secret_key}"
}
resource "aws_acm_certificate" "cert" {
domain_name = "foo.example.com"
validation_method = "DNS"
tags {
project = "foo"
}
lifecycle {
create_before_destroy = true
}
}
Running validate, plan, or apply fails:
$ terraform validate -var-file=my.tfvars
$ cat my.tfvars
region = "us-west-2"
aws_secret_key = "secret"
aws_access_key_id = "not as secret"
There is nothing wrong in your code.
Please do some cleanup and run again (only run the rm command when you fully understand what you are doing).
rm -rf .terraform
rm terraform.tfstate*
terraform fmt
terraform get -update=true
terraform init
terraform plan

Terraform for aws failing

I am using terraform for the first time in order to create resources on my AWS account. I ran the below template as a test, but it always fails with the issue:
Error parsing <path>/main.tf: At 1:10: illegal char
provider “aws” {
access_key = “${var.access_key}”
secret_key = “${var.access_secret_key}”
region = “${var.region}”
}
resource "aws_vpc" "${var.vpc_name}" { cidr_block = "10.0.0.0/16" enable_dns_hostnames = true }
Error: terraform init There are some problems with the configuration, described below.
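Use this instead and let us know.
provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.access_secret_key}"
  region     = "${var.region}"
}
# A resource name must be a literal label and cannot be interpolated.
# "main" is a placeholder name; the variable is applied as the Name tag instead.
resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  tags {
    Name = "${var.vpc_name}"
  }
}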

Unknown resource referenced in variable with Terraform

I am a beginner to Terraform.
I am trying to execute following code from Terraform Getting started guide.
provider "aws" {
access_key = "${var.access_key}"
secret_key = "${var.secret_key}"
region = "${var.region}"
}
resource "aws_instance" "example" {
ami = "${lookup(var.amis, var.region)}"
instance_type = "t2.micro"
tags {
Name = "newprovisionerstest"
}
provisioner "local-exec" {
command = "echo ${aws_instance.example.public_ip} > ip_address.txt"
}
}
output "ip" {
value = "${aws_eip.ip.public_ip}"
}
When I run
terraform apply
or
terraform refresh
It gives following error:
Error: output 'ip': unknown resource 'aws_eip.ip' referenced in variable aws_eip.ip.public_ip
Why is it so? Is it because "aws_eip" resource is not declared anywhere?
Like you said it yourself, there is no aws_eip resource called ip.
If you use aws_instance.example.public_ip it should work totally fine.
