» vault_aws_auth_backend_sts_role

Manages an STS role in a Vault server. STS roles are mappings between account IDs and STS ARNs. When a login attempt is made from an EC2 instance in the specified account, Vault uses the associated STS role to verify the request. For more information, see the Vault documentation.

» Example Usage

resource "vault_auth_backend" "aws" {
  type = "aws"
}

resource "vault_aws_auth_backend_sts_role" "role" {
  backend    = "${vault_auth_backend.aws.path}"
  account_id = "1234567890"
  sts_role   = "arn:aws:iam::1234567890:role/my-role"
}

» Argument Reference

The following arguments are supported:

  • account_id - (Optional) The AWS account ID to configure the STS role for.

  • sts_role - (Optional) The STS role to assume when verifying requests made by EC2 instances in the account specified by account_id.

  • backend - (Optional) The path the AWS auth backend being configured was mounted at. Defaults to aws.
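
A pre-apply check for the arguments above, added here as an example (it is not part of the provider or its documentation). It reads the JSON form of a plan and flags STS role mappings that look wrong; the rule that sts_role should live in the account named by account_id is an assumption of this example, and the plan excerpt and the names lint_sts_roles, _rc and SAMPLE_PLAN are constructed for it.

```python
import json
import re

RESOURCE = "vault_aws_auth_backend_sts_role"
ARGS = ("backend", "account_id", "sts_role")
# arn:<partition>:iam::<account>:role/<name>
ROLE_ARN = re.compile(r"^arn:[a-z0-9-]+:iam::(\d+):role/.+$")

def _rc(name, account_id, sts_role, backend="aws"):
    """Build one constructed resource_changes entry (sample data only)."""
    return {"address": f"{RESOURCE}.{name}", "type": RESOURCE,
            "change": {"actions": ["create"], "after_unknown": {"id": True},
                       "after": {"backend": backend, "account_id": account_id,
                                 "sts_role": sts_role}}}

# Constructed excerpt in the shape of `terraform show -json <planfile>`.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    _rc("role", "1234567890", "arn:aws:iam::1234567890:role/my-role"),
    _rc("mismatch", "111122223333", "arn:aws:iam::444455556666:role/verify"),
    _rc("dup", "1234567890", "arn:aws:iam::1234567890:role/other-role"),
    _rc("not_role", "777788889999", "arn:aws:iam::777788889999:user/alice"),
]})

def lint_sts_roles(plan_json):
    """Return (address, problem) pairs for suspicious STS role mappings."""
    findings, seen = [], {}
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change") or {}
        after = change.get("after")
        if rc.get("type") != RESOURCE or not after:
            continue  # other resource type, or a destroy
        unknown = change.get("after_unknown") or {}
        if any(unknown.get(k) for k in ARGS):
            continue  # argument only known at apply time; nothing to compare
        addr, account = rc["address"], after.get("account_id") or ""
        m = ROLE_ARN.match(after.get("sts_role") or "")
        if m is None:
            findings.append((addr, "sts_role is not an IAM role ARN"))
        elif m.group(1) != account:  # assumption: role lives in account_id
            findings.append((addr, "sts_role is in a different account than account_id"))
        # Same path the import ID uses: auth/<backend>/config/sts/<account_id>
        path = f"auth/{after.get('backend') or 'aws'}/config/sts/{account}"
        if path in seen:
            findings.append((addr, f"duplicates {seen[path]} at {path}"))
        seen.setdefault(path, addr)
    return findings

if __name__ == "__main__":
    for address, problem in lint_sts_roles(SAMPLE_PLAN):
        print(f"{address}: {problem}")
```

Two resources that resolve to the same backend and account_id manage the same Vault path, so whichever applies last silently decides which role Vault assumes for that account.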

» Attributes Reference

No additional attributes are exported by this resource.

» Import

AWS auth backend STS roles can be imported using auth/, the backend path, /config/sts/, and the account_id, e.g.

$ terraform import vault_aws_auth_backend_sts_role.example auth/aws/config/sts/1234567890