Mongey / terraform-provider-kafka

Terraform provider for managing Apache Kafka Topics + ACLs
MIT License

feat: Add support for using explicit AWS credentials #433

Closed bodgit closed 3 months ago

bodgit commented 4 months ago

This PR adds support for explicitly configuring the AWS credentials rather than relying on the implicit environment variables.

We run Terraform using Spacelift, which a) is configured in our Vault as an OIDC/JWT provider, so it automatically generates short-lived AWS credentials, and b) makes it difficult to inject the AWS environment variables without using long-lived credentials, which we'd rather not do.

For example we can now do something like this:

provider "vault" {
  auth_login_jwt {
    role = "jwt-role-name"
  }
}

data "vault_aws_access_credentials" "creds" {
  backend = "aws"
  type    = "sts"
  role    = "sts-role-name"
}

provider "kafka" {
  bootstrap_servers   = ["localhost:9098"]
  tls_enabled         = true
  sasl_mechanism      = "aws-iam"
  sasl_aws_region     = "us-east-1"
  sasl_aws_access_key = data.vault_aws_access_credentials.creds.access_key
  sasl_aws_secret_key = data.vault_aws_access_credentials.creds.secret_key
  sasl_aws_token      = data.vault_aws_access_credentials.creds.security_token
}
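The resolution order the provider block above relies on (explicit sasl_aws_* attributes first, the AWS_* environment variables only as a fallback) is small enough to show in full. The following Go program is an added example for this page, not code from terraform-provider-kafka or from the PR; the type names (ProviderConfig, AWSCredentials), the error values and the Redacted helper are assumptions made for the example, and only the environment-variable leg of the SDK's default credential chain is modelled. The one check worth having that the HCL alone does not show: STS-issued access key IDs start with "ASIA", and presenting one without its session token fails signature verification at the broker, so the resolver rejects that combination up front instead of letting it surface as an opaque authentication error.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// AWSCredentials is the resolved credential set handed to the SASL/IAM
// client. Hypothetical type for this example, not the provider's own.
type AWSCredentials struct {
	AccessKey    string
	SecretKey    string
	SessionToken string
	Source       string // "explicit" (provider block) or "environment"
}

// ProviderConfig mirrors the three provider attributes from the PR
// description: sasl_aws_access_key, sasl_aws_secret_key, sasl_aws_token.
type ProviderConfig struct {
	SASLAWSAccessKey string
	SASLAWSSecretKey string
	SASLAWSToken     string
}

var (
	ErrPartialCredentials       = errors.New("aws: access key and secret key must be set together")
	ErrTemporaryKeyWithoutToken = errors.New("aws: temporary (ASIA...) access key requires a session token")
	ErrNoCredentials            = errors.New("aws: no credentials in provider block or environment")
)

// ResolveAWSCredentials prefers explicit provider attributes and falls back
// to the AWS_* environment variables only when none are given. getenv is
// injected so the logic can be exercised without touching the real environment.
func ResolveAWSCredentials(cfg ProviderConfig, getenv func(string) string) (AWSCredentials, error) {
	var creds AWSCredentials
	if cfg.SASLAWSAccessKey != "" || cfg.SASLAWSSecretKey != "" {
		creds = AWSCredentials{
			AccessKey:    cfg.SASLAWSAccessKey,
			SecretKey:    cfg.SASLAWSSecretKey,
			SessionToken: cfg.SASLAWSToken,
			Source:       "explicit",
		}
	} else {
		// Only the env-var leg of the default chain is modelled here; the real
		// SDK chain also consults shared profiles and instance metadata.
		creds = AWSCredentials{
			AccessKey:    getenv("AWS_ACCESS_KEY_ID"),
			SecretKey:    getenv("AWS_SECRET_ACCESS_KEY"),
			SessionToken: getenv("AWS_SESSION_TOKEN"),
			Source:       "environment",
		}
	}
	return creds, validate(creds)
}

func validate(c AWSCredentials) error {
	switch {
	case c.AccessKey == "" && c.SecretKey == "":
		return ErrNoCredentials
	case c.AccessKey == "" || c.SecretKey == "":
		return ErrPartialCredentials
	case strings.HasPrefix(c.AccessKey, "ASIA") && c.SessionToken == "":
		// STS-issued keys start with ASIA; without their token the SigV4
		// signature is rejected, which is easy to misread as an ACL problem.
		return ErrTemporaryKeyWithoutToken
	}
	return nil
}

// Redacted is safe to log: it never includes the secret key or the token.
func (c AWSCredentials) Redacted() string {
	key := c.AccessKey
	if len(key) > 4 {
		key = key[:4] + strings.Repeat("*", len(key)-4)
	}
	return fmt.Sprintf("source=%s access_key=%s session_token_present=%t",
		c.Source, key, c.SessionToken != "")
}

func main() {
	// Constructed sample values standing in for what the
	// vault_aws_access_credentials data source would return.
	cfg := ProviderConfig{
		SASLAWSAccessKey: "ASIAEXAMPLE0000000001",
		SASLAWSSecretKey: "example-secret-key",
		SASLAWSToken:     "example-session-token",
	}
	creds, err := ResolveAWSCredentials(cfg, os.Getenv)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(creds.Redacted())
}
```

Injecting getenv rather than calling os.Getenv directly is what makes the fallback branch testable in CI without exporting real keys; the Redacted form is what should reach provider logs, since Terraform already marks the attribute values themselves as sensitive only if the schema says so.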

bodgit commented 3 months ago

@Mongey ping, WDYT?

Mongey commented 3 months ago

@bodgit looks good, thanks