» vault_aws_secret_backend
Creates an AWS Secret Backend for Vault. AWS secret backends can then issue AWS access keys and secret keys, once a role has been added to the backend.
Important: All data provided in the resource configuration will be written in cleartext to state and plan files generated by Terraform, and will appear in the console output when Terraform runs. Protect these artifacts accordingly. See the main provider documentation for more details.
» Example Usage
resource "vault_aws_secret_backend" "aws" {
  access_key = "AKIA....."
  secret_key = "AWS secret key"
}
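The cleartext warning above can be checked against a state file. The following Python check is an added example, not part of the provider documentation; it assumes the Terraform state format version 4 JSON layout, and the sample state with its placeholder key values is constructed.

```python
import json

# Attributes of vault_aws_secret_backend that hold credential material.
SECRET_ATTRS = ("access_key", "secret_key")

# Constructed sample in state format version 4 (placeholder values, not real keys).
SAMPLE_STATE = json.dumps({
    "version": 4,
    "resources": [
        {"mode": "managed", "type": "vault_aws_secret_backend", "name": "aws",
         "instances": [{"attributes": {
             "path": "aws", "region": "us-east-1",
             "access_key": "AKIAEXAMPLEPLACEHOLDER",
             "secret_key": "constructed-placeholder-secret"}}]},
        # Backend inside a module whose secret fields are empty: not reported.
        {"module": "module.ci", "mode": "managed",
         "type": "vault_aws_secret_backend", "name": "ci",
         "instances": [{"attributes": {
             "path": "aws-ci", "access_key": "", "secret_key": None}}]},
        # Unrelated resource type: ignored.
        {"mode": "managed", "type": "vault_mount", "name": "kv",
         "instances": [{"attributes": {"path": "kv"}}]},
    ],
})


def find_cleartext_backend_secrets(state_text):
    """Return (resource address, mount path, attribute) per non-empty secret."""
    state = json.loads(state_text)
    findings = []
    for res in state.get("resources", []):
        if res.get("mode") != "managed" or res.get("type") != "vault_aws_secret_backend":
            continue
        parts = (res.get("module"), res["type"], res["name"])
        address = ".".join(p for p in parts if p)
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            for name in SECRET_ATTRS:
                if attrs.get(name):  # report the field name only, never the value
                    findings.append((address, attrs.get("path"), name))
    return findings


if __name__ == "__main__":
    for address, path, attr in find_cleartext_backend_secrets(SAMPLE_STATE):
        print(f"{address} (mount {path!r}): {attr} is stored in cleartext")
```

Any finding means the state file, and every backend or artifact store that holds a copy of it, needs the same access controls as the AWS keys themselves.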
» Argument Reference
The following arguments are supported:
- access_key - (Required) The AWS Access Key ID this backend should use to issue new credentials.
- secret_key - (Required) The AWS Secret Key this backend should use to issue new credentials.

Important: Because Vault does not support reading the configured credentials back from the API, Terraform cannot detect and correct drift on access_key or secret_key. Changing the values, however, will overwrite the previously stored values.

- region - (Optional) The AWS region for API calls. Defaults to us-east-1.
- path - (Optional) The unique path this backend should be mounted at. Must not begin or end with a /. Defaults to aws.
- description - (Optional) A human-friendly description for this backend.
- default_lease_ttl_seconds - (Optional) The default TTL for credentials issued by this backend.
- max_lease_ttl_seconds - (Optional) The maximum TTL that can be requested for credentials issued by this backend.
» Attributes Reference
No additional attributes are exported by this resource.
» Import
AWS secret backends can be imported using the path, e.g.

  $ terraform import vault_aws_secret_backend.aws aws