amazon-web-servicesamazon-s3terraformamazon-iam

Creating IAM user via terraform and upload the secret key and access key in S3 bucket


I have written a terraform code to create IAM user and my requirement is to store the access key and secret key in a S3 bucket. I have tried implementing the same via s3 cli commands, but was not of great help. Any suggestions would be appreciated


Solution

  • I want to point out that storing tokens in s3 can be dangerous, if not configured correctly.

    Make sure that you have understood how policies in AWS and access control in s3 works!. https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html

    With that out of the way, this is what I have come up with:

    # The user to which we will grant access to s3
    resource "aws_iam_user" "user" {
      name          = "s3-user"
      path          = "/"
    }
    
    # Create the access key
    resource "aws_iam_access_key" "key" {
      user = aws_iam_user.user.name
    }
    
    # Create the bucket for storing tokens
    resource "aws_s3_bucket" "token" {
      bucket = "my_token_bucket"
      acl    = "private"
    }
    
    # Create the object inside the token bucket
    resource "aws_s3_bucket_object" "tokens" {
      bucket                 = aws_s3_bucket.token.id
      key                    = "keys.txt"
      server_side_encryption = "AES256"
      content_type = "text/plain"
      content = <<EOF
    access_id: ${aws_iam_access_key.key.id}
    access_secret: ${aws_iam_access_key.key.secret}
    EOF
    }
    

    I haven't tested this.