---
page_title: "Resource hcp_vault_secrets_integration_aws - terraform-provider-hcp"
subcategory: "HCP Vault Secrets"
description: |-
  The Vault Secrets AWS integration resource manages an AWS integration.
---

# hcp_vault_secrets_integration_aws (Resource)

The Vault Secrets AWS integration resource manages an AWS integration.

~> **Note:** This resource is deprecated; use `hcp_vault_secrets_integration` instead.

## Example Usage

```terraform
resource "hcp_vault_secrets_integration_aws" "example_with_access_keys" {
  name         = "my-aws-1"
  capabilities = ["DYNAMIC", "ROTATION"]
  access_keys = {
    access_key_id     = "AKIA..."
    secret_access_key = "rgUK..."
  }
}

resource "hcp_vault_secrets_integration_aws" "example_with_identity_federation" {
  name         = "my-aws-1"
  capabilities = ["DYNAMIC", "ROTATION"]
  federated_workload_identity = {
    role_arn = "arn:aws:iam::<your-account-id>:role/<your-role>"
    audience = "<your-audience>"
  }
}
```

## Schema

### Required

- `capabilities` (Set of String) Capabilities enabled for the integration. See the Vault Secrets documentation for the list of supported capabilities per provider.
- `name` (String) The Vault Secrets integration name.

### Optional

- `access_keys` (Attributes) AWS IAM key pair used to authenticate against the target AWS account. Cannot be used with `federated_workload_identity`. (see below for nested schema)
- `federated_workload_identity` (Attributes) (Recommended) Federated identity configuration to authenticate against the target AWS account. Cannot be used with `access_keys`. (see below for nested schema)
- `project_id` (String) HCP project ID that owns the HCP Vault Secrets integration. Inferred from the provider configuration if omitted.

### Read-Only

- `organization_id` (String) HCP organization ID that owns the HCP Vault Secrets integration.
- `resource_id` (String) Resource ID used to uniquely identify the integration instance on the HCP platform.
- `resource_name` (String) Resource name used to uniquely identify the integration instance on the HCP platform.

### Nested Schema for `access_keys`

Required:

- `access_key_id` (String) Key ID used with the secret key to authenticate against the target AWS account.
- `secret_access_key` (String, Sensitive) Secret key used with the key ID to authenticate against the target AWS account.

### Nested Schema for `federated_workload_identity`

Required:

- `audience` (String) Audience configured on the AWS IAM identity provider to federate access with HCP.
- `role_arn` (String) AWS IAM role ARN the integration will assume to carry out operations for the appropriate capabilities.

## Import

Import is supported using the following syntax:

```shell
# Vault Secrets AWS Integration can be imported by specifying the name of the integration
# Note that since the AWS secret access key is never returned on the Vault Secrets API,
# the next plan or apply will show a diff for that field if using the access keys authentication method.
terraform import hcp_vault_secrets_integration_aws.example my-aws-1
```
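As an added example (not part of the provider documentation), a small Python policy check over `terraform show -json` plan output that flags the deprecated resource type and any integration still authenticating with static IAM access keys rather than the recommended `federated_workload_identity`. The sample plan is constructed, and the account ID and ARN in it are placeholders.

```python
import json

DEPRECATED_TYPE = "hcp_vault_secrets_integration_aws"
REPLACEMENT_TYPE = "hcp_vault_secrets_integration"


def walk_resources(module: dict):
    """Yield every resource in a planned_values module, recursing into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk_resources(child)


def check_plan(plan_json: str) -> list[str]:
    """Return policy findings for a `terraform show -json` plan; an empty list means clean."""
    plan = json.loads(plan_json)
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in walk_resources(root):
        if res.get("type") != DEPRECATED_TYPE:
            continue
        addr = res["address"]
        values = res.get("values") or {}
        findings.append(f"{addr}: deprecated type {DEPRECATED_TYPE}, migrate to {REPLACEMENT_TYPE}")
        if values.get("access_keys"):
            findings.append(f"{addr}: static IAM access keys in use, prefer federated_workload_identity")
        elif not values.get("federated_workload_identity"):
            findings.append(f"{addr}: no authentication block configured")
    return findings


# Constructed sample plan (not real terraform output) mirroring the two example resources above.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "planned_values": {"root_module": {"resources": [
        {"address": f"{DEPRECATED_TYPE}.example_with_access_keys",
         "type": DEPRECATED_TYPE, "name": "example_with_access_keys",
         "values": {"name": "my-aws-1", "capabilities": ["DYNAMIC", "ROTATION"],
                    "access_keys": {"access_key_id": "AKIA...", "secret_access_key": "rgUK..."},
                    "federated_workload_identity": None}},
        {"address": f"{DEPRECATED_TYPE}.example_with_identity_federation",
         "type": DEPRECATED_TYPE, "name": "example_with_identity_federation",
         "values": {"name": "my-aws-1", "capabilities": ["DYNAMIC", "ROTATION"],
                    "access_keys": None,
                    "federated_workload_identity": {"role_arn": "arn:aws:iam::123456789012:role/<your-role>",
                                                    "audience": "<your-audience>"}}},
    ]}},
})

if __name__ == "__main__":
    for line in check_plan(SAMPLE_PLAN):
        print(line)
```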