Amazon Web Services: How to enable console login for an IAM user in Terraform
I am new to Terraform and created an IAM user using the Terraform file below, but when I look at it in the AWS console, it says console login is not enabled. Please help with how to enable the password.
resource "aws_iam_user" "lb" {
  name = "${var.user_name}"
  # path = "/system/"
  # tags = {
  #   tag-key = "tag-value"
  # }
}

resource "aws_iam_access_key" "lb" {
  user = "${aws_iam_user.lb.name}"
}

resource "aws_iam_user_policy" "lb_ro" {
  name = "test"
  user = "${aws_iam_user.lb.name}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}

resource "aws_iam_user_login_profile" "u" {
  user                    = "${aws_iam_user.lb.name}"
  password_reset_required = true
  pgp_key                 = "${base64encode(file("/Terraform_practice/iam_terra/oli.gpg.pubkey"))}"
  # pgp_key = "keybase:deekshithsn"
}

output "password" {
  value = "${aws_iam_user_login_profile.u.encrypted_password}"
}
Hi, I found the problem: to create an IAM user with console login enabled, you need to install keybase on your operating system. For more details, visit
Then you need to create a PGP key in your local keychain using this command:
keybase pgp gen
Then reference the created key in your Terraform file like this:
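provider "aws" {
  region                  = "us-east-1"
  shared_credentials_file = "/home/username/.aws/credentials"
  profile                 = "default"
}

resource "aws_iam_user" "u" {
  name          = "terraform"
  path          = "/"
  force_destroy = true
}

# The login profile is what enables console sign-in for the user.
resource "aws_iam_user_login_profile" "u" {
  user = "${aws_iam_user.u.name}"
  # Replace with your own keybase username; the generated password
  # is encrypted with that user's public PGP key.
  pgp_key = "keybase:your_keybase_username"
}

# Base64-encoded, PGP-encrypted password.
output "password" {
  value = "${aws_iam_user_login_profile.u.encrypted_password}"
}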
Then run:
terraform apply
Terraform will then output the password in encrypted form; decrypt it with the following command:
terraform output password | base64 --decode | keybase pgp decrypt
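I have tested it and it works fine. Please let me know if it helps.

Thanks for the detailed information. I got an error when I ran it, but the command below worked for me:
terraform output -json password | jq -r . | base64 --decode | keybase pgp decrypt

Thanks for your detailed explanation. I followed the same steps, but if I look at the AWS console

Is terraform throwing any error? Can you paste the output of the terraform command here?

The user is created, but in AWS, if I go to the security information of that user, it says **User does not have console management access**

No, it is not throwing any error. The user got cr
But there is no console login. I have attached an image in the post.

Is console login enabled for you?

Did you replace pgp_key = "keybase:your_keybase_username" with your own keybase username in the Terraform file?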
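As an added example (not code from the thread above), this Python check reads `terraform show -json` output and reports, for each `aws_iam_user`, whether an `aws_iam_user_login_profile` exists (the "console login not enabled" symptom discussed above) and whether its password was PGP-encrypted. The sample state is constructed, and the plaintext `password` attribute is an assumption taken from newer AWS provider versions, where it is populated only when no `pgp_key` is given.

```python
import json

# Constructed sample in the shape of `terraform show -json` (not real output).
SAMPLE_STATE = json.loads("""
{"values": {"root_module": {"child_modules": [], "resources": [
  {"address": "aws_iam_user.u", "type": "aws_iam_user",
   "values": {"name": "terraform"}},
  {"address": "aws_iam_user.ci", "type": "aws_iam_user",
   "values": {"name": "ci-bot"}},
  {"address": "aws_iam_user_login_profile.u",
   "type": "aws_iam_user_login_profile",
   "values": {"user": "terraform", "pgp_key": "keybase:your_keybase_username",
              "encrypted_password": "constructed-ciphertext",
              "password": null, "password_reset_required": false}}
]}}}
""")

def walk(module):
    """Yield every resource in a module and its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def audit_console_access(state):
    """Map each IAM user name to a list of findings about its console login."""
    resources = list(walk(state.get("values", {}).get("root_module", {})))
    profiles = {r["values"]["user"]: r["values"] for r in resources
                if r["type"] == "aws_iam_user_login_profile"}
    report = {}
    for r in resources:
        if r["type"] != "aws_iam_user":
            continue
        name, findings = r["values"]["name"], []
        profile = profiles.get(name)
        if profile is None:
            findings.append("no login profile: console login disabled")
        else:
            if not profile.get("encrypted_password"):
                findings.append("no encrypted_password: pgp_key missing or unused")
            # Assumed attribute: plaintext password kept when pgp_key is absent.
            if profile.get("password"):
                findings.append("plaintext password stored in state")
            if not profile.get("password_reset_required"):
                findings.append("password_reset_required is not true")
        report[name] = findings
    return report

if __name__ == "__main__":
    for user, findings in audit_console_access(SAMPLE_STATE).items():
        print(user, "->", findings or ["ok"])
```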