- First, install terraform and set the PATH variable
- Create a folder that will contain your .tf files, then cd into that folder from a command prompt
- From the same command prompt, type `terraform init` – this downloads the plugins for the providers (including AWS)
- Specify a provider in your .tf file, as shown below (using VS Code is recommended)
- Type terraform validate in the folder containing the tf file
- Type terraform apply in the folder containing the tf file
- The ‘assume role’ section (the role's trust policy) specifies WHO is allowed to call sts:AssumeRole on the role. Creating the role will fail unless the trust policy allows sts:AssumeRole for at least one principal.
Sample – create a security auditor role and attach the AWS managed policy SecurityAudit to it. Also attach AWSSecurityHubFullAccess to the same role.
# AWS provider configuration: every resource in this file is created in
# this region with this provider major version.
provider "aws" {
  region  = "us-east-1"
  # Pins the provider to the 2.x series. NOTE(review): declaring the
  # version inside the provider block is the older style; newer Terraform
  # releases prefer a required_providers block for this.
  version = "~> 2.0"
}
# The security auditor role. The managed policies that grant it
# permissions are attached by separate attachment resources below.
resource "aws_iam_role" "role" {
  name = "security_auditor_role"

  tags = {
    resourcetype = "production_role"
  }

  # Trust policy: controls WHO may call sts:AssumeRole on this role.
  # The single principal is the root of the account whose number replaces
  # the MY_ACCT_NUMBER placeholder; in IAM an account-root principal means
  # any identity in that account whose own IAM policy allows
  # sts:AssumeRole on this role, not only the root user.
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal":{"AWS":"arn:aws:iam::MY_ACCT_NUMBER:root"},
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}
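# Attach the AWS managed SecurityAudit policy to the auditor role.
#
# Uses aws_iam_role_policy_attachment instead of aws_iam_policy_attachment:
# the latter is an *exclusive* attachment that detaches the policy from
# every other user/group/role in the account that is not listed in the
# resource, which for a shared managed policy like SecurityAudit can
# silently strip permissions elsewhere. The role is referenced by
# attribute rather than by its literal name so Terraform creates the role
# before the attachment. (The resource type change means the Terraform
# state address changes from aws_iam_policy_attachment.policies-attach1.)
resource "aws_iam_role_policy_attachment" "policies-attach1" {
  # "${...}" interpolation works on both pre-0.12 and later Terraform;
  # on 0.12+ this can be written as aws_iam_role.role.name.
  role       = "${aws_iam_role.role.name}"
  policy_arn = "arn:aws:iam::aws:policy/SecurityAudit"
}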
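# Attach the AWS managed AWSSecurityHubFullAccess policy to the auditor role.
#
# Uses aws_iam_role_policy_attachment instead of aws_iam_policy_attachment,
# which creates an *exclusive* attachment and would detach this managed
# policy from any other principal in the account not listed here. The role
# is referenced by attribute so Terraform orders role creation before the
# attachment. (The Terraform state address changes with the resource type,
# from aws_iam_policy_attachment.policies-attach2.)
#
# NOTE(review): as its name says, this policy grants full (read and write)
# Security Hub access, which is wider than the read-only SecurityAudit
# policy; confirm that write access is intended for an auditor role.
resource "aws_iam_role_policy_attachment" "policies-attach2" {
  # "${...}" interpolation works on both pre-0.12 and later Terraform;
  # on 0.12+ this can be written as aws_iam_role.role.name.
  role       = "${aws_iam_role.role.name}"
  policy_arn = "arn:aws:iam::aws:policy/AWSSecurityHubFullAccess"
}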