Fatal编程技术网
  • amazon-web-services/
  • Amazon web services 如何在terraform中为IAM用户启用控制台登录

Amazon web services 如何在terraform中为IAM用户启用控制台登录

amazon-web-services terraform

Amazon web services 如何在terraform中为IAM用户启用控制台登录,amazon-web-services,terraform,amazon-iam,Amazon Web Services,Terraform,Amazon Iam,我是新加入terraform创建的IAM用户,使用下面的terraform文件,但是当在aws控制台中看到它时,它说控制台登录未启用。请帮助如何启用密码 resource "aws_iam_user" "lb" { name = "${var.user_name}" # path = "/system/" # tags = { # tag-key = "tag-value" # } } resource "aws_iam_access_key" "lb" { use

我是新加入terraform创建的IAM用户,使用下面的terraform文件,但是当在aws控制台中看到它时,它说控制台登录未启用。请帮助如何启用密码

resource "aws_iam_user" "lb" {

name = "${var.user_name}"

  # path = "/system/"
  # tags = {
  #   tag-key = "tag-value"
  # }
}

resource "aws_iam_access_key" "lb" {
  user = "${aws_iam_user.lb.name}"
}

resource "aws_iam_user_policy" "lb_ro" {
  name = "test"
  user = "${aws_iam_user.lb.name}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }   
  ]
}
EOF
}

resource "aws_iam_user_login_profile" "u" {
  user                    = "${aws_iam_user.lb.name}"
  password_reset_required = true
  pgp_key                 = "${base64encode(file("/Terraform_practice/iam_terra/oli.gpg.pubkey"))}"

  # pgp_key = "keybase:deekshithsn"
}

output "password" {
  value = "${aws_iam_user_login_profile.u.encrypted_password}"
}

资源“aws\u iam\u用户”“lb”{
name=“${var.user\u name}”
#path=“/system/”
#标签={
#标记键=“标记值”
# }
}
资源“aws\u iam\u访问密钥”“lb”{
user=“${aws\u iam\u user.lb.name}”
}
资源“aws\U iam\U用户策略”“lb\U ro”{
name=“测试”
user=“${aws\u iam\u user.lb.name}”

policy=Hii我发现了问题所在,要创建启用控制台登录的Iam用户,您需要在操作系统上安装keybase。有关详细信息,请访问



然后,您需要在本地密钥链中创建一个pgp密钥
使用此命令


keybase pgp gen


然后像这样将这个创建的密钥引用到terraform文件中


provider "aws" {
  region                  = "us-east-1"
  shared_credentials_file = "/home/username/.aws/credentials"
  profile                 = "default"
}

resource "aws_iam_user" "u" {
  name          = "terraform"
  path          = "/"
  force_destroy = true
}

resource "aws_iam_user_login_profile" "u" {
  user    = "${aws_iam_user.u.name}"
  pgp_key = "keybase:your_keybase_username"
}

output "password" {
  value = "${aws_iam_user_login_profile.u.encrypted_password}"
}


那就这样吧


terraform apply


然后terraform将以加密的形式输出密码,需要使用以下命令解密密码


terraform output password | base64 --decode | keybase pgp decrypt



我已经测试过了,它工作正常。请告诉我它是否有用。
谢谢您提供的详细信息

我运行它时出错了,但下面的命令对我有效

terraform输出-json密码| jq-r.| base64-解码| keybase pgp解密


谢谢你的详细解释。我遵循了相同的步骤,但是,如果我看到aws控制台的terraform抛出任何错误,你能将terraform命令的输出粘贴到此处吗用户已创建,但在aws中,如果我转到该用户的安全信息,它会说**用户没有控制台管理访问权**不,它不会抛出任何错误。用户已获得cr但是,没有控制台登录。我在帖子中附上了图片。对你来说,控制台登录启用了吗?你在terraform文件中用你自己的keybase用户名替换了pgp_key=“keybase:your_keybase_username”了吗