github.com/andresvia/terraform@v0.6.15-0.20160412045437-d51c75946785/website/source/docs/providers/aws/index.html.markdown

---
layout: "aws"
page_title: "Provider: AWS"
sidebar_current: "docs-aws-index"
description: |-
  The Amazon Web Services (AWS) provider is used to interact with the many resources supported by AWS. The provider needs to be configured with the proper credentials before it can be used.
---

# AWS Provider

The Amazon Web Services (AWS) provider is used to interact with the
many resources supported by AWS. The provider needs to be configured
with the proper credentials before it can be used.

Use the navigation to the left to read about the available resources.

## Example Usage

```
# Configure the AWS Provider
provider "aws" {
    access_key = "${var.aws_access_key}"
    secret_key = "${var.aws_secret_key}"
    region = "us-east-1"
}

# Create a web server
resource "aws_instance" "web" {
    ...
}
```

## Authentication

The AWS provider offers flexible means of providing credentials for
authentication. The following methods are supported, in this order, and
explained below:

- Static credentials
- Environment variables
- Shared credentials file

### Static credentials

Static credentials can be provided by adding an `access_key` and `secret_key` in-line in the
AWS provider block:

Usage:

```
provider "aws" {
    region = "us-west-2"
    access_key = "anaccesskey"
    secret_key = "asecretkey"
}
```

### Environment variables

You can provide your credentials via the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`
environment variables, representing your AWS Access Key and AWS Secret Key, respectively.
`AWS_DEFAULT_REGION` and `AWS_SECURITY_TOKEN` are also used, if applicable:

```
provider "aws" {}
```

Usage:

```
$ export AWS_ACCESS_KEY_ID="anaccesskey"
$ export AWS_SECRET_ACCESS_KEY="asecretkey"
$ export AWS_DEFAULT_REGION="us-west-2"
$ terraform plan
```

### Shared Credentials file

You can use an AWS credentials file to specify your credentials. The default
location is `$HOME/.aws/credentials` on Linux and OSX, or `"%USERPROFILE%\.aws\credentials"`
for Windows users. If we fail to detect credentials inline, or in the
environment, Terraform will check this location. You can optionally specify a
different location in the configuration by providing `shared_credentials_file`,
or in the environment with the `AWS_SHARED_CREDENTIALS_FILE` variable. This
method also supports a `profile` configuration and matching `AWS_PROFILE`
environment variable:

Usage:

```
provider "aws" {
    region = "us-west-2"
    shared_credentials_file = "/Users/tf_user/.aws/creds"
    profile = "customprofile"
}
```

## Argument Reference

The following arguments are supported in the `provider` block:

* `access_key` - (Optional) This is the AWS access key. It must be provided, but
  it can also be sourced from the `AWS_ACCESS_KEY_ID` environment variable, or via
  a shared credentials file if `profile` is specified.

* `secret_key` - (Optional) This is the AWS secret key. It must be provided, but
  it can also be sourced from the `AWS_SECRET_ACCESS_KEY` environment variable, or
  via a shared credentials file if `profile` is specified.

* `region` - (Required) This is the AWS region. It must be provided, but
  it can also be sourced from the `AWS_DEFAULT_REGION` environment variable, or
  via a shared credentials file if `profile` is specified.

* `profile` - (Optional) This is the AWS profile name as set in the shared credentials
  file.

* `shared_credentials_file` - (Optional) This is the path to the shared credentials file.
  If this is not set and a profile is specified, `~/.aws/credentials` will be used.

* `token` - (Optional) Use this to set an MFA token. It can also be sourced
  from the `AWS_SECURITY_TOKEN` environment variable.

* `max_retries` - (Optional) This is the maximum number of times an API call is
  retried when requests are throttled or experience transient failures.
  The delay between subsequent API calls increases exponentially.

* `allowed_account_ids` - (Optional) List of allowed AWS account IDs (whitelist)
  to prevent you from mistakenly using the wrong one (and ending up destroying a live environment).
  Conflicts with `forbidden_account_ids`.

* `forbidden_account_ids` - (Optional) List of forbidden AWS account IDs (blacklist)
  to prevent you from mistakenly using the wrong one (and ending up destroying a live environment).
  Conflicts with `allowed_account_ids`.

* `insecure` - (Optional) Explicitly allow the provider to
  perform "insecure" SSL requests. If omitted, the default value is `false`.

* `dynamodb_endpoint` - (Optional) Use this to override the default endpoint
  URL constructed from the `region`. It's typically used to connect to
  dynamodb-local.

* `kinesis_endpoint` - (Optional) Use this to override the default endpoint
  URL constructed from the `region`. It's typically used to connect to
  kinesalite.

The nested `endpoints` block supports the following:

* `iam` - (Optional) Use this to override the default endpoint
  URL constructed from the `region`. It's typically used to connect to
  custom iam endpoints.

* `ec2` - (Optional) Use this to override the default endpoint
  URL constructed from the `region`. It's typically used to connect to
  custom ec2 endpoints.

* `elb` - (Optional) Use this to override the default endpoint
  URL constructed from the `region`. It's typically used to connect to
  custom elb endpoints.
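
A check for the static-credentials form shown under Authentication, added here as an example and not part of the Terraform documentation or code base: it reports `access_key`, `secret_key` and `token` values written as literals inside `provider "aws"` blocks, the form that puts keys into any repository the configuration is committed to. The function names and sample inputs are constructed for illustration, and the parsing is a simple brace match rather than a full HCL parser.

```python
import re

# Start of a provider "aws" block, in the HCL syntax used on this page.
PROVIDER_RE = re.compile(r'provider\s+"aws"\s*\{')
# Credential arguments assigned a quoted string value.
ASSIGN_RE = re.compile(r'^\s*(access_key|secret_key|token)\s*=\s*"([^"]*)"', re.M)

# Constructed samples, modelled on the provider blocks shown on this page.
SAMPLE_STATIC = '''provider "aws" {
    region = "us-west-2"
    access_key = "anaccesskey"
    secret_key = "asecretkey"
}'''
SAMPLE_VARIABLES = '''provider "aws" {
    access_key = "${var.aws_access_key}"
    secret_key = "${var.aws_secret_key}"
    region = "us-east-1"
}'''
SAMPLE_PROFILE = '''provider "aws" {
    region = "us-west-2"
    shared_credentials_file = "/Users/tf_user/.aws/creds"
    profile = "customprofile"
}'''


def provider_bodies(text):
    """Yield the body of each provider "aws" block, found by brace matching."""
    for m in PROVIDER_RE.finditer(text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        # Drop the closing brace when the block is terminated.
        yield text[m.end():i - 1 if depth == 0 else i]


def find_static_credentials(text):
    """Return (argument, kind) pairs; kind is "literal" for a hardcoded value
    and "interpolated" when the value contains a ${...} reference."""
    findings = []
    for body in provider_bodies(text):
        for name, value in ASSIGN_RE.findall(body):
            findings.append((name, "interpolated" if "${" in value else "literal"))
    return findings


if __name__ == "__main__":
    for label, sample in [("static", SAMPLE_STATIC), ("variables", SAMPLE_VARIABLES),
                          ("profile", SAMPLE_PROFILE)]:
        print(label, find_static_credentials(sample))
```

Findings of kind `literal` are the ones to act on; the environment-variable and shared-credentials-file methods described above keep the key material out of the `.tf` file entirely.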