Skip to content

Latest commit

 

History

History
74 lines (51 loc) · 3.56 KB

authentication.md

File metadata and controls

74 lines (51 loc) · 3.56 KB
page_title
Authentication

Authentication

Environment variables are the only supported authentication method, and should be present when running any terraform command. For example:

export GOOGLE_APPLICATION_CREDENTIALS_DATA="$(cat service_account.json)"
terraform apply

Amazon Web Services

  • AWS_ACCESS_KEY_ID - Access key identifier.
  • AWS_SECRET_ACCESS_KEY - Secret access key.
  • AWS_SESSION_TOKEN - (Optional) Session token.

See the AWS documentation to obtain these variables directly.

Alternatively, for more idiomatic or advanced use cases, follow the Terraform AWS provider documentation and run the following commands in the permissions/aws directory:

terraform init && terraform apply
export AWS_ACCESS_KEY_ID="$(terraform output --raw aws_access_key_id)"
export AWS_SECRET_ACCESS_KEY="$(terraform output --raw aws_secret_access_key)"

Microsoft Azure

  • AZURE_CLIENT_ID - Client identifier.
  • AZURE_CLIENT_SECRET - Client secret.
  • AZURE_SUBSCRIPTION_ID - Subscription identifier.
  • AZURE_TENANT_ID - Tenant identifier.

See the Azure documentation to obtain these variables directly.

Alternatively, for more idiomatic or advanced use cases, follow the Terraform Azure provider documentation and run the following commands in the permissions/az directory:

terraform init && terraform apply
export AZURE_TENANT_ID="$(terraform output --raw azure_tenant_id)"
export AZURE_SUBSCRIPTION_ID="$(terraform output --raw azure_subscription_id)"
export AZURE_CLIENT_ID="$(terraform output --raw azure_client_id)"
export AZURE_CLIENT_SECRET="$(terraform output --raw azure_client_secret)"

Google Cloud Platform

  • GOOGLE_APPLICATION_CREDENTIALS - Path to (or contents of) a service account JSON key file.

See the GCP documentation to obtain these variables directly.

Alternatively, for more idiomatic or advanced use cases, follow the Terraform GCP provider documentation and run the following commands in the permissions/gcp directory:

terraform init && terraform apply
export GOOGLE_APPLICATION_CREDENTIALS_DATA="$(terraform output --raw google_application_credentials_data)"

Kubernetes

Either one of:

  • KUBECONFIG - Path to a kubeconfig file.
  • KUBECONFIG_DATA - Alternatively, the contents of a kubeconfig file.

Alternatively, authenticate with a local kubeconfig file and run the following commands in the permissions/k8s directory:

kubectl apply --filename main.yml
export KUBECONFIG_DATA="$(bash kubeconfig.sh)"