Pgp key in terraform for aws_iam_user_login_profile

I am new to terraform and am using terraform to create an IAM user.

Below is the .tf file:

resource "aws_iam_user" "lb" {
  name = "Ec2_view"

  # path = "/system/"
  # tags = {
  #   tag-key = "tag-value"
  # }
}

resource "aws_iam_access_key" "lb" {
  user = "${aws_iam_user.lb.name}"
}

resource "aws_iam_user_policy" "lb_ro" {
  name = "test"
  user = "${aws_iam_user.lb.name}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:Describe*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}

resource "aws_iam_user_login_profile" "u" {
  user                    = "${aws_iam_user.lb.name}"
  password_reset_required = true
  pgp_key                 = "keybase:terraform_user"
}

output "password" {
  # Base64-encoded ciphertext, encrypted to the key named in pgp_key
  value = "${aws_iam_user_login_profile.u.encrypted_password}"
}

What does pgp_key mean in aws_iam_user_login_profile, and what are the steps to create a pgp_key and use it in terraform code?

Got the answer

  1. We need to install Keybase locally
  2. We need to use keybase pgp gen
  3. Create the Keybase key
  4. Then give a reference to this Keybase key in your terraform code: keybase:username_of_keybase
  5. Then apply terraform
  6. Then we need to get the decrypted password

     terraform output -raw password | base64 --decode | keybase pgp decrypt
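
The same flow as a local round trip, as an added example that is not part of the original post: it uses a throwaway GnuPG key instead of Keybase (pgp_key also accepts a base64-encoded PGP public key) and simulates the provider's encryption step with gpg. It assumes GnuPG 2.1 or later is installed; the user id, the password and the function name `roundtrip` are constructed for the demo.

```shell
# Constructed sample data, not real credentials.
demo_uid="terraform-demo@example.invalid"   # hypothetical key owner
sample_password="Constructed-Sample-Pw-1!"  # stands in for the IAM-generated password

roundtrip() {
  # Throwaway keyring so the demo never touches ~/.gnupg.
  GNUPGHOME="$(mktemp -d)" || return 1
  export GNUPGHOME
  chmod 700 "$GNUPGHOME"

  # Steps 1-3 equivalent: create a key pair (empty passphrase, demo only).
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-generate-key "$demo_uid" >/dev/null 2>&1 || return 1

  # Step 4 equivalent: instead of keybase:<user>, pgp_key can hold the base64
  # of the binary (non-armored) public key. Only the public half is exported.
  pgp_key_value="$(gpg --export "$demo_uid" | base64 | tr -d '\n')"
  printf 'pgp_key (first 40 chars): %.40s...\n' "$pgp_key_value" >&2

  # Step 5, simulated: the password is encrypted to that public key and
  # base64(ciphertext) is what ends up in encrypted_password and in state.
  encrypted_password="$(printf '%s' "$sample_password" \
      | gpg --batch --quiet --trust-model always --encrypt -r "$demo_uid" \
      | base64 | tr -d '\n')"

  # Step 6 with gpg in place of keybase: only the private key holder can
  # turn the output back into the password.
  printf '%s' "$encrypted_password" | base64 --decode \
      | gpg --batch --quiet --decrypt 2>/dev/null
  status=$?

  # Clean up the throwaway keyring and its agent.
  gpgconf --kill gpg-agent 2>/dev/null
  rm -rf "$GNUPGHOME"
  return $status
}

# Run the demo only when asked, e.g.: sh demo.sh --run
if [ "${1:-}" = "--run" ]; then
  roundtrip
  echo
fi
```

With a real GnuPG key, the last step of the answer becomes `terraform output -raw password | base64 --decode | gpg --decrypt`.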