I am a newbie to Terraform and just want to ask whether there is any way to set the AWS console password for an IAM user with Terraform. I am able to configure the IAM users, groups, their access and secret keys, but couldn't find a way to set the console password. Please point me to where I can get it to work. Thanks
Question:
Answer 1:
It's possible to get the console password for an IAM user using Terraform.
Use the command below:
terraform output password | base64 --decode | keybase pgp decrypt
Follow the instructions below:
- Store the password in the outputs.tf file
- terraform output password would give you your encrypted password
- Now, before that, install nodejs and node on your server and set PATH
- Now, to decrypt the password we need one more concept, which is Keybase: https://keybase.io/
Go to this site and create an account in Keybase from the console, then under Docs go to Linux/Ubuntu and follow the instructions. Now in the shell, run keybase login and enter all the details.
Point to be noted:
resource "aws_iam_user_login_profile" "user_login" {
  user            = "${aws_iam_user.user.name}"
  # username means: the user you created in your Keybase account
  pgp_key         = "keybase:username"
  password_length = 10
}
Now terraform plan
terraform apply
keybase pgp list
terraform output password | base64 --decode | keybase pgp decrypt
You would get your password :) :)
Answer 2:
You can now do so by using the iam_user_login_profile resource
resource "aws_iam_user_login_profile" "foo" {
  user    = "${aws_iam_user.bar.name}"
  pgp_key = "${var.key}"
}
Note that the pgp_key is required and can be either a PGP public key or a reference to a keybase.io profile (say foobar) by passing keybase:foobar in the pgp_key variable.
The iam_user_login_profile resource exports a password attribute which is the encrypted password for an aws_iam_user.
Check the official documentation for more.
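The pieces described in the answers above, put together as one configuration. This is an added example, not code from either answer; the resource labels, the user name and the pgp_key variable name are assumptions. It outputs the login profile's encrypted_password attribute, so only ciphertext reaches the state file and the CLI output, and it forces a password change at first sign-in.

```hcl
# Added example. Resource labels, the user name and the variable name are
# assumptions chosen for illustration.

variable "pgp_key" {
  # Either a base64-encoded PGP public key or a Keybase reference in the
  # form "keybase:<username>".
  description = "PGP public key used to encrypt the generated console password"
  type        = string
}

resource "aws_iam_user" "user" {
  name = "example-console-user" # constructed name
}

resource "aws_iam_user_login_profile" "user_login" {
  user    = aws_iam_user.user.name
  pgp_key = var.pgp_key

  # AWS generates the password. Terraform never takes one as input, so no
  # password appears in the configuration.
  password_length = 20

  # The generated password is only good for the first sign-in.
  password_reset_required = true
}

# Base64-encoded ciphertext. Only the holder of the matching private key
# can recover the password.
output "password" {
  value = aws_iam_user_login_profile.user_login.encrypted_password
}

# Fingerprint of the key that was used, to confirm the password was
# encrypted to the intended recipient before handing it over.
output "key_fingerprint" {
  value = aws_iam_user_login_profile.user_login.key_fingerprint
}

# Decrypt on the machine that holds the private key:
#   terraform output -raw password | base64 --decode | keybase pgp decrypt
# With a local GnuPG key instead of Keybase:
#   terraform output -raw password | base64 --decode | gpg --decrypt
# Current Terraform releases print string outputs in quotes unless -raw is
# given, which would otherwise break the base64 decoding step.
```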
Answer 3:
Setting the password via Terraform isn't really possible. Even if it were, it wouldn't be ideal practice because you'd have a password in the configuration. The better option is to let AWS set/use/create a default password that is given to the specific user in a secure way and ensure that they change it.