github.com/erriapo/terraform@v0.6.12-0.20160203182612-0340ea72354f/website/source/docs/providers/aws/index.html.markdown

github.com/erriapo/terraform@v0.6.12-0.20160203182612-0340ea72354f/website/source/docs/providers/aws/index.html.markdown (about)

     1  ---
     2  layout: "aws"
     3  page_title: "Provider: AWS"
     4  sidebar_current: "docs-aws-index"
     5  description: |-
     6    The Amazon Web Services (AWS) provider is used to interact with the many resources supported by AWS. The provider needs to be configured with the proper credentials before it can be used.
     7  ---
     8  
     9  # AWS Provider
    10  
    11  The Amazon Web Services (AWS) provider is used to interact with the
    12  many resources supported by AWS. The provider needs to be configured
    13  with the proper credentials before it can be used.
    14  
    15  Use the navigation to the left to read about the available resources.
    16  
    17  ## Example Usage
    18  
    19  ```
    20  # Configure the AWS Provider
    21  provider "aws" {
    22      access_key = "${var.aws_access_key}"
    23      secret_key = "${var.aws_secret_key}"
    24      region = "us-east-1"
    25  }
    26  
    27  # Create a web server
    28  resource "aws_instance" "web" {
    29      ...
    30  }
    31  ```
    32  
    33  ## Authentication 
    34  
    35  The AWS provider offers flexible means of providing credentials for
    36  authentication. The following methods are supported, in this order, and
    37  explained below:
    38  
    39  - Static credentials
    40  - Environment variables
    41  - Shared credentials file
    42  
    43  
    44  ### Static credentials ###
    45  
    46  Static credentials can be provided by adding an `access_key` and `secret_key` in-line in the
    47  aws provider block:
    48  
    49  Usage: 
    50  
    51  ```
    52  provider "aws" {
    53    region     = "us-west-2"
    54    access_key = "anaccesskey"
    55    secret_key = "asecretkey"
    56  }
    57  ```
    58  
    59  ###Environment variables
    60  
    61  You can provide your credentials via `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, 
    62  environment variables, representing your AWS Access Key and AWS Secret Key, respectively.
    63  `AWS_DEFAULT_REGION` and `AWS_SECURITY_TOKEN` are also used, if applicable:
    64  
    65  ```
    66  provider "aws" {}
    67  ```
    68  
    69  Usage:
    70  
    71  ```
    72  $ exoprt AWS_ACCESS_KEY_ID="anaccesskey" 
    73  $ export AWS_SECRET_ACCESS_KEY="asecretkey"
    74  $ export AWS_DEFAULT_REGION="us-west-2"
    75  $ terraform plan
    76  ```
    77  
    78  ###Shared Credentials file
    79  
    80  You can use an AWS credentials file to specify your credentials. The default
    81  location is `$HOME/.aws/credentials` on Linux and OSX, or `"%USERPROFILE%\.aws\credentials"` 
    82  for Windows users. If we fail to detect credentials inline, or in the
    83  environment, Terraform will check this location. You can optionally specify a
    84  different location in the configuration by providing `shared_credentials_file`,
    85  or in the environment with the `AWS_SHARED_CREDENTIALS_FILE` variable. This
    86  method also supports a `profile` configuration and matching `AWS_PROFILE`
    87  environment variable:
    88  
    89  Usage: 
    90  
    91  ```
    92  provider "aws" {
    93    region                   = "us-west-2"
    94    shared_credentials_file  = "/Users/tf_user/.aws/creds"
    95    profile                  = "customprofile"
    96  }
    97  ```
    98  
    99  ## Argument Reference
   100  
   101  The following arguments are supported in the `provider` block:
   102  
   103  * `access_key` - (Optional) This is the AWS access key. It must be provided, but
   104    it can also be sourced from the `AWS_ACCESS_KEY_ID` environment variable, or via
   105    a shared credentials file if `profile` is specified.
   106  
   107  * `secret_key` - (Optional) This is the AWS secret key. It must be provided, but
   108    it can also be sourced from the `AWS_SECRET_ACCESS_KEY` environment variable, or
   109    via a shared credentials file if `profile` is specified.
   110  
   111  * `region` - (Required) This is the AWS region. It must be provided, but
   112    it can also be sourced from the `AWS_DEFAULT_REGION` environment variables, or
   113    via a shared credentials file if `profile` is specified.
   114  
   115  * `profile` - (Optional) This is the AWS profile name as set in the shared credentials
   116    file.
   117  
   118  * `shared_credentials_file` = (Optional) This is the path to the shared credentials file.
   119    If this is not set and a profile is specified, ~/.aws/credentials will be used.
   120  
   121  * `token` - (Optional) Use this to set an MFA token. It can also be sourced
   122    from the `AWS_SECURITY_TOKEN` environment variable.
   123  
   124  * `max_retries` - (Optional) This is the maximum number of times an API call is
   125    being retried in case requests are being throttled or experience transient failures.
   126    The delay between the subsequent API calls increases exponentially.
   127  
   128  * `allowed_account_ids` - (Optional) List of allowed AWS account IDs (whitelist)
   129    to prevent you mistakenly using a wrong one (and end up destroying live environment).
   130    Conflicts with `forbidden_account_ids`.
   131  
   132  * `forbidden_account_ids` - (Optional) List of forbidden AWS account IDs (blacklist)
   133    to prevent you mistakenly using a wrong one (and end up destroying live environment).
   134    Conflicts with `allowed_account_ids`.
   135  
   136  * `dynamodb_endpoint` - (Optional) Use this to override the default endpoint
   137    URL constructed from the `region`. It's typically used to connect to
   138    dynamodb-local.
   139  
   140  * `kinesis_endpoint` - (Optional) Use this to override the default endpoint URL
   141    constructed from the `region`. It's typically used to connect to kinesalite.