Hey everyone! I have several AWS accounts, but due to strict security policies, I'm not allowed to create IAM users. I'm on the hunt for ways to manage automation tasks, like running Terraform on AWS, that allow me to use persistent credentials without the hassle of updating them every 45 minutes. Any alternative methods or suggestions you can share? I'm really looking forward to your ideas!
2 Answers
Where exactly are you planning to run Terraform from? It can make a difference in how you manage your automation.
You might want to consider using AWS SSO with a permission set like "terraform-infra-developer" that can be attached to all your accounts. If you set the SSO session length to something longer, like 4 hours, you'll avoid those pesky 45-minute manual updates. It's crucial to discuss this with your security team, though. They should understand your automation needs and may offer an approved solution. Also, with AWS SSO and STS, you get automatically rotating credentials that provide the persistence you require without falling into any security risks tied to static credentials.
Thanks for the tip! I'll definitely check out that permission set.
I'm thinking of running it on GitLab!
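The permission set the answer describes can itself be managed with Terraform. The following is an added example, not code from the original thread: it creates an IAM Identity Center (formerly AWS SSO) permission set named "terraform-infra-developer" with a 4-hour session, attaches a managed policy, and assigns it to one group in several accounts. The region, the account IDs, the group name and the PowerUserAccess policy are placeholders assumed for illustration; `session_duration` is an ISO 8601 duration and the service caps it at PT12H.

```hcl
# Added example (not from the original thread): a Terraform config that creates
# an IAM Identity Center permission set with a 4-hour session and assigns it to
# a group across several accounts. Region, account IDs, group name and the
# attached policy are assumptions for illustration.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0"
    }
  }
}

# Identity Center is administered from the management (or delegated admin)
# account, in the region where the Identity Center instance lives.
provider "aws" {
  region = "us-east-1" # assumption: Identity Center home region
}

# Accounts that should receive the permission set (assumed placeholder IDs).
variable "member_accounts" {
  type    = list(string)
  default = ["111111111111", "222222222222", "333333333333"]
}

# Look up the Identity Center instance and its identity store instead of
# hard-coding their identifiers.
data "aws_ssoadmin_instances" "this" {}

locals {
  instance_arn      = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
}

# The Identity Center group whose members may assume the role (assumed name).
data "aws_identitystore_group" "terraform" {
  identity_store_id = local.identity_store_id

  alternate_identifier {
    unique_attribute {
      attribute_path  = "DisplayName"
      attribute_value = "terraform-infra-developers"
    }
  }
}

# The permission set. session_duration is ISO 8601; PT4H yields the 4-hour STS
# credentials the answer mentions (the default is PT1H, the maximum PT12H).
resource "aws_ssoadmin_permission_set" "terraform" {
  name             = "terraform-infra-developer"
  description      = "Terraform runs with short-lived STS credentials"
  instance_arn     = local.instance_arn
  session_duration = "PT4H"
}

# Permissions carried by the set. PowerUserAccess is a placeholder and is still
# broader than most Terraform pipelines need; scope it to the resources managed.
resource "aws_ssoadmin_managed_policy_attachment" "terraform" {
  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.terraform.arn
  managed_policy_arn = "arn:aws:iam::aws:policy/PowerUserAccess"
}

# Assign the permission set plus group to every member account, which creates
# the corresponding role in each of them.
resource "aws_ssoadmin_account_assignment" "terraform" {
  for_each = toset(var.member_accounts)

  instance_arn       = local.instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.terraform.arn
  principal_id       = data.aws_identitystore_group.terraform.group_id
  principal_type     = "GROUP"
  target_id          = each.value
  target_type        = "AWS_ACCOUNT"
}
```

After `terraform apply`, a group member runs `aws configure sso` once to create a named profile, then `aws sso login --profile <name>` before working; pointing the AWS provider at that profile (`profile = "<name>"` or `AWS_PROFILE`) lets Terraform obtain fresh STS credentials from the cached SSO token until the permission set's session expires, so there is nothing static to store or rotate. One caveat for the GitLab case raised in the thread: the SSO login is an interactive device-authorization flow that a person completes in a browser, so a CI runner cannot perform it on its own, and this permission set by itself only covers Terraform runs driven by a human.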