dandi / dandi-infrastructure

A repository to collect docs/issues on DANDI project infrastructure
Apache License 2.0

Add identity provider for terraform cloud #184

Closed danlamanna closed 3 months ago

danlamanna commented 3 months ago

This should allow Terraform Cloud to authenticate with AWS via a direct trust relationship instead of relying on a manual token placed in the environment of TFC.

See https://developer.hashicorp.com/terraform/cloud-docs/workspaces/dynamic-provider-credentials#how-dynamic-credentials-work for documentation on how the dynamic credential system works.

This adds the infrastructure for doing this authentication but doesn't switch over to it yet; that can be done after merging.

kabilar commented 3 months ago

cc @aaronkanzer

danlamanna commented 3 months ago

FYI, I modified the environment variables so TFC is no longer using the infrastructure user's long-lived credentials. I'm assuming that dandi-infrastructure-bot is being used for other things, so I left it alone.
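
A sketch of the kind of trust relationship the PR description and the follow-up comment refer to, following the dynamic provider credentials documentation linked above. This is an added example, not the code from this pull request; the variable names, the role name and the workspace scoping are assumptions.

```hcl
# Added example: OIDC trust between Terraform Cloud (TFC) and AWS.
# Variable names and the role name are hypothetical placeholders.
variable "tfc_organization" { type = string }
variable "tfc_workspace" { type = string }

# Fetch the TLS certificate of the TFC issuer to derive the thumbprint.
data "tls_certificate" "tfc" {
  url = "https://app.terraform.io"
}

# Register TFC as an OIDC identity provider in the AWS account.
resource "aws_iam_openid_connect_provider" "tfc" {
  url             = "https://app.terraform.io"
  client_id_list  = ["aws.workload.identity"]
  thumbprint_list = [data.tls_certificate.tfc.certificates[0].sha1_fingerprint]
}

data "aws_iam_policy_document" "tfc_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]

    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.tfc.arn]
    }

    # Without both conditions, any TFC organization could assume the role.
    condition {
      test     = "StringEquals"
      variable = "app.terraform.io:aud"
      values   = ["aws.workload.identity"]
    }
    condition {
      test     = "StringLike"
      variable = "app.terraform.io:sub"
      values   = ["organization:${var.tfc_organization}:project:*:workspace:${var.tfc_workspace}:run_phase:*"]
    }
  }
}

resource "aws_iam_role" "tfc" {
  name               = "tfc-dynamic-credentials-example"
  assume_role_policy = data.aws_iam_policy_document.tfc_trust.json
}

# Workspace env vars that switch TFC over: TFC_AWS_PROVIDER_AUTH=true and
# TFC_AWS_RUN_ROLE_ARN=<this output>; static AWS access keys are then removed.
output "tfc_aws_run_role_arn" { value = aws_iam_role.tfc.arn }
```

The `sub` condition is what limits the role to one organization and workspace; narrowing `run_phase:*` to `plan` or `apply` allows separate, less privileged roles per phase.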