I'll update later, but for now...
```
$ terraform --version
Terraform v0.12.17
+ provider.aws v3.23.0
```
I have an AWS profile set in my `./aws/credentials` and `~/.aws/config` files, like so...
`~/.aws/credentials`
```
[default]
aws_access_key_id=****
aws_secret_access_key=****
[myprofile]
aws_access_key_id=****
aws_secret_access_key=****
```
`~/.aws/config`
```
[default]
region=us-east-1
output=json
[profile myprofile]
region=us-east-1
output=json
```
In my Terraform plan, I have
```hcl
provider "aws" {
  region  = "us-east-1"
  profile = "myprofile"
}

terraform {
  required_version = ">= 0.12.17, < 0.13"
}

resource "aws_vpc" "vpc" {
  cidr_block = "10.123.123.0/24"
  tags = {
    Name = "test_vpc"
  }
}

output "vpc_id" {
  value = aws_vpc.vpc.id
}
```
And I have a plan that creates a VPC, so I do
```
$ export AWS_PROFILE=myprofile
$ terraform apply
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Outputs:
module_vpc_id = vpc-123456abced
```
As you can see the plan creates the VPC, however, the VPC doesn't get created in the `myprofile` account but in the `default` account. I know so because 1) I don't see it in the `myprofile` account, and 2) when I destroy the plan, it shows the `owner_id` as the `default` account number. Why?
Update: Note if I add the `access_key` and `secret_key` key/value pairs in my `provider {}` block, it creates the VPC in the correct account. Of course I don't wanna do this, but just wanted to prove that the script indeed works with the `myprofile` account.
Update: Note the following commands return nothing (blanks)
```
$ echo $AWS_ACCESS_KEY_ID
$ echo $AWS_SECRET_ACCESS_KEY
```
and running `env` doesn't show those variables.
Based on the comments.
The issue was caused by having `AWS_PROFILE` env variable set. According to TF docs, the variable has higher priority than Shared credentials/configuration file:
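A pre-apply guard for the situation in this thread, added here as an example and not part of the original question or answer: it lists which credential-related variables are set in the shell (names only) and refuses to continue when the resolved account is not the intended one. The function names are hypothetical, the account ID you pass is your own, and `preflight` assumes the AWS CLI is installed and uses its view of the credentials as a stand-in for what the provider will resolve.

```shell
# Added example: keep a plan from landing in the wrong AWS account.
# Function names are hypothetical; nothing here comes from the original post.

# Print the names (never the values) of credential-related variables set in
# this shell; any of them can influence which identity gets picked up.
aws_env_overrides() {
  for _name in AWS_PROFILE AWS_DEFAULT_PROFILE AWS_ACCESS_KEY_ID \
               AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \
               AWS_SHARED_CREDENTIALS_FILE AWS_CONFIG_FILE; do
    # _name comes only from the fixed list above, so eval is safe here.
    eval "_val=\${$_name:-}"
    if [ -n "$_val" ]; then printf '%s\n' "$_name"; fi
  done
}

# Compare the account the credentials resolve to with the intended one.
# Returns 0 on match, 1 on mismatch, 2 if no identity could be resolved.
check_account() {
  _expected=$1
  _actual=$2
  if [ -z "$_actual" ]; then
    echo "could not resolve caller identity" >&2
    return 2
  fi
  if [ "$_actual" != "$_expected" ]; then
    echo "refusing to apply: credentials resolve to $_actual, expected $_expected" >&2
    return 1
  fi
}

# Usage: preflight <expected-account-id> [profile] && terraform apply
preflight() {
  _set=$(aws_env_overrides)
  [ -z "$_set" ] || echo "credential variables set in this shell:" $_set >&2
  # Ask STS which account the current credentials belong to.
  _acct=$(aws sts get-caller-identity ${2:+--profile "$2"} \
            --query Account --output text 2>/dev/null) || _acct=""
  check_account "$1" "$_acct"
}
```

After an apply, the same comparison can be made against the `owner_id` attribute that the question used to spot the mismatch.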