» vault_aws_secret_backend_role

Creates a role on an AWS Secret Backend for Vault. A role maps the credentials Vault generates to the policy attached to them.

» Example Usage

resource "vault_aws_secret_backend" "aws" {
  access_key = "AKIA....."
  secret_key = "AWS secret key"
}

resource "vault_aws_secret_backend_role" "role" {
  backend = "${vault_aws_secret_backend.aws.path}"
  name    = "deploy"

  policy = <<EOT
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:*",
      "Resource": "*"
    }
  ]
}
EOT
}

» Argument Reference

The following arguments are supported:

  • backend - (Required) The path the AWS secret backend is mounted at, with no leading or trailing /s.

  • name - (Required) The name to identify this role within the backend. Must be unique within the backend.

  • policy - (Optional) The JSON-formatted policy to associate with this role. Either policy or policy_arn must be specified.

  • policy_arn - (Optional) The ARN for a pre-existing policy to associate with this role. Either policy or policy_arn must be specified.
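
Whichever of policy or policy_arn is set decides what every credential issued from the role can do in the AWS account; with the iam:* on * policy from the usage example, anyone who can read credentials from the deploy role can administer IAM. The configuration below is an added example, not part of the provider documentation, showing two narrower roles. The variable names, role names, bucket name and the managed policy chosen are assumptions made for illustration.

```hcl
# Added example: narrower alternatives to the "iam:*" on "*" policy.
# Variable, role and bucket names are illustrative assumptions.

variable "aws_access_key" {}
variable "aws_secret_key" {}

# Backend credentials come from variables, not literals in the configuration file.
resource "vault_aws_secret_backend" "aws" {
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
}

# Option 1: inline policy limited to the actions and resources a deploy job needs.
resource "vault_aws_secret_backend_role" "deploy_artifacts" {
  backend = "${vault_aws_secret_backend.aws.path}"
  name    = "deploy-artifacts"

  policy = <<EOT
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::example-deploy-artifacts/*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::example-deploy-artifacts"
    }
  ]
}
EOT
}

# Option 2: reference a pre-existing policy by ARN in place of the policy argument.
resource "vault_aws_secret_backend_role" "s3_readonly" {
  backend    = "${vault_aws_secret_backend.aws.path}"
  name       = "s3-readonly"
  policy_arn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
}
```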

» Attributes Reference

No additional attributes are exported by this resource.

» Import

AWS secret backend roles can be imported using the path, e.g.

$ terraform import vault_aws_secret_backend_role.role aws/roles/deploy