How to make Terraform to read AWS Credentials file?

Question

I am trying to create an AWS S3 bucket using terraform and this is my code:

provider "aws" {
  profile = "default"
  region  = "ap-south-1"
}

resource "aws_s3_bucket" "first_tf" {
  bucket = "svk-pl-2909202022"
  acl    = "private"
}

I have manually created the "Credentials" file using Notepad and also removed the ".txt" extension using Powershell and stored that file in C:\Users\terraform\.aws, and that file is like this:

[default]
aws_access_key_id=**************
aws_secret_access_key=************

But when I try to run terraform plan, I get an error which says

ERROR: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found

Then, I also tried to create that "Credentials" file by installing AWS CLI, I ran the command

aws configure --profile terraform

where terraform was my username. So, it asked me to enter aws_access_key_id and aws_secret_access_key. and after entering all the credentials, I ran the command terraform init, which ran successfully but when I ran terraform plan, it shows the error again which says:

ERROR: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found

Just wanted to add, as there are not many answers for this provider, In my case (`alicloud`) the format of the credential files was suppose to be `json`-like vs `ini`-like. This is also being stated in the documentation of the `provider` itself. in my case, this was the reason that the file has been ignored — Ricky Levi, Jun 26 '22 at 08:59

Derek Menénedez · Accepted Answer · 2023-05-22T14:54:43.597

43

When you create a profile manually

provider "aws" {
  region                  = "your region"
  shared_credentials_file = "path_file_credentials like C:\Users\terraform\.aws\credentials"
  profile                 = "profile_name"
}

When you don't want to put your shared file manually

That needs to be in this path %USERPROFILE%.aws\credentials

provider "aws" {
  region                  = "your region"
  profile                 = "profile_name"
}

If you want to put your credentials in a tf file

provider "aws" {
  region     = "us-west-2"
  access_key = "my-access-key"
  secret_key = "my-secret-key"
}

edited May 22 '23 at 14:54

answered Sep 29 '20 at 16:47

Derek Menénedez

2,003
11
20

Since version 4.0.0 of the AWS provider the param to specify the credentials file is called `shared_credentials_files` (mind the plural) and it expects a list. Hence, it should be `shared_credentials_files = ["path_to_credentials_file"]`. See [here](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/guides/version-4-upgrade). – Joe Apr 12 '23 at 15:55
I would recommend against the 3rd option of adding the credentials inside the provider block, as this will likely be committed to a repository, and it is a security risk exposing your credentials this way. – Cobus Bernard May 17 '23 at 15:46

score 38 · Answer 2 · answered Apr 09 '21 at 22:09

38

I've spent quite a bit of time trying to figure out how to get Terraform to read ~/.aws/credentials. The only option that worked for me was specifying AWS_PROFILE environment var to point it to the specific section of the credentials file.

AWS_PROFILE=prod terraform plan

or

export AWS_PROFILE=prod 
terraform plan

The fact that the shared_credentials_file and/or the profile options in the provider section get ignored looks like a bug to me.

answered Apr 09 '21 at 22:09

Yuri Pismerov

381
3
2

I've come to the same conclusion. Any updates on this? – LazyEval Jul 27 '21 at 12:08
2

If your issue is pertaining to backend configuration for the state file, I've come across this issue: https://github.com/hashicorp/terraform/issues/13589 ; running `terraform init -reconfigure` solved the issue for me – LazyEval Jul 27 '21 at 14:05

score 3 · Answer 3 · answered Apr 12 '21 at 14:00

The path where you are storing the credentials file is wrong.

C:\Users\your-username\.aws

You can add these below files in the above location.

credentials

[default]
aws_access_key_id = your access key
aws_secret_access_key = your secret key

config

[default]
region=ap-south-1

And you don't need to configure any thing into terraform or python if you're using boto3. Terraform and boto3 will automatically find the desired credentials file.

score 3 · Answer 4 · answered Apr 12 '21 at 14:06

3

You have to set up a custom section in your credentials file with the command

aws configure --profile=prod

in order to use env variable like this.

answered Apr 12 '21 at 14:06

Voronin Roman

257
1
4

score 2 · Answer 5 · answered May 14 '22 at 06:16

2

when you have AWS cli already installed in local then go to config file path: %USERPROFILE%\.aws\credentials Update Credentials as below:

[default]
aws_access_key_id = "xxxxx"
aws_secret_access_key = "xxxxx"
region= us-east-1

answered May 14 '22 at 06:16

Prakash Vegiraju

89
7

How to make Terraform to read AWS Credentials file?

5 Answers5

Linked