---
layout: "aws"
page_title: "AWS: aws_iam_access_key"
sidebar_current: "docs-aws-resource-iam-access-key"
description: |-
  Provides an IAM access key. This is a set of credentials that allows API requests to be made as an IAM user.
---

# aws\_iam\_access\_key

Provides an IAM access key. This is a set of credentials that allows API requests to be made as an IAM user.

## Example Usage

```
resource "aws_iam_access_key" "lb" {
  user    = "${aws_iam_user.lb.name}"
  pgp_key = "keybase:some_person_that_exists"
}

resource "aws_iam_user" "lb" {
  name = "loadbalancer"
  path = "/system/"
}

resource "aws_iam_user_policy" "lb_ro" {
  name = "test"
  user = "${aws_iam_user.lb.name}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}

output "secret" {
  value = "${aws_iam_access_key.lb.encrypted_secret}"
}
```

## Argument Reference

The following arguments are supported:

* `user` - (Required) The IAM user to associate with this access key.
* `pgp_key` - (Optional) Either a base-64 encoded PGP public key, or a
  keybase username in the form `keybase:username`.

## Attributes Reference

The following attributes are exported:

* `id` - The access key ID.
* `user` - The IAM user associated with this access key.
* `key_fingerprint` - The fingerprint of the PGP key used to encrypt
  the secret.
* `secret` - The secret access key. Note that this will be written
  to the state file. Please supply a `pgp_key` instead, which will prevent the
  secret from being stored in plain text.
* `encrypted_secret` - The encrypted secret, base64 encoded.
  ~> **NOTE:** The encrypted secret may be decrypted using the command line,
  for example: `terraform output secret | base64 --decode | keybase pgp decrypt`.
* `ses_smtp_password` - The secret access key converted into an SES SMTP
  password by applying [AWS's documented conversion
  algorithm](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html#smtp-credentials-convert).
* `status` - "Active" or "Inactive". Keys are initially active, but can be made
  inactive by other means.
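
An added example, not part of the Terraform documentation: a check for the `secret` note above that lists `aws_iam_access_key` resources whose state still holds a credential in plain text. The two state layouts it reads and the sample state are assumptions constructed for illustration; `ses_smtp_password` is included because it is derived from the secret access key.

```python
import json

# Attributes the page describes as holding the credential in usable form.
SENSITIVE = ("secret", "ses_smtp_password")

def _access_keys(state):
    """Yield (address, attributes) for each aws_iam_access_key in a parsed state."""
    # Assumed legacy layout (state version 3): modules[].resources{}.primary.attributes
    for module in state.get("modules", []):
        for address, res in module.get("resources", {}).items():
            if res.get("type") == "aws_iam_access_key":
                yield address, (res.get("primary") or {}).get("attributes") or {}
    # Assumed current layout (state version 4): resources[].instances[].attributes
    for res in state.get("resources", []):
        if res.get("type") == "aws_iam_access_key":
            for inst in res.get("instances", []):
                yield f"{res['type']}.{res['name']}", inst.get("attributes") or {}

def find_plaintext_secrets(state_text):
    """Return sorted (address, attribute) pairs; secret values are never returned."""
    return sorted(
        (address, name)
        for address, attrs in _access_keys(json.loads(state_text))
        for name in SENSITIVE
        if attrs.get(name)
    )

# Constructed sample state (not real credentials): "lb" uses pgp_key, "ci" does not.
SAMPLE_STATE = json.dumps({"version": 3, "modules": [{"path": ["root"], "resources": {
    "aws_iam_access_key.lb": {"type": "aws_iam_access_key", "primary": {
        "id": "AKIAEXAMPLELB", "attributes": {
            "user": "loadbalancer", "key_fingerprint": "constructed-fingerprint",
            "encrypted_secret": "Y29uc3RydWN0ZWQ="}}},
    "aws_iam_access_key.ci": {"type": "aws_iam_access_key", "primary": {
        "id": "AKIAEXAMPLECI", "attributes": {
            "user": "ci", "secret": "constructed-plaintext-secret",
            "ses_smtp_password": "constructed-smtp-password"}}},
    "aws_iam_user.lb": {"type": "aws_iam_user", "primary": {
        "id": "loadbalancer", "attributes": {"name": "loadbalancer"}}},
}}]})

if __name__ == "__main__":
    for address, attribute in find_plaintext_secrets(SAMPLE_STATE):
        print(f"{address}: '{attribute}' is stored in plain text in the state")
```

The function reports only resource addresses and attribute names, so its output can go into CI logs without repeating the credential.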