Terraform module which creates IAM resources on Yandex Cloud.
You can find full example of module usage in folder example/
module "iam" {
source = ""
version = "~> 0.0.1"
service_accounts = {
folder-editor = {
description = "Service account to manage folder"
folder_id = "folderId"
role = "editor"
create_static_keys = false
},
s3-editor = {
description = "Service account to manage S3"
folder_id = "folderId"
role = "storage.admin"
create_static_keys = true
}
}
}
There is posibility to encrypt output static keys of service accounts with GPG keys. For encryption there is need to:
- Create key, f.e.
gpg --gen-key
- Export key in binary format
gpg --output public-key-binary.gpg --export [email protected]
and use the local terraform provider to read the base64-encoded content of the file. - write path of the exported key in
data "local_file" "pgp_key"
- Run
tf apply
and get output forservice_accounts_static_keys_encrypted
- Export env variable for correct decrypt via gpg
export GPG_TTY=$(tty)
- Decrypt:
echo -e "wcDMA/Xr4VdCf3d6AQwABEJLZmeErwifMsu2N34k/v1d77yZr9fbZTsir/++//mY8cK4gIJ7HvhIQIA" | base64 -d | gpg --decrypt
- Here we are!
Also there is no nessesary to use GPG and encryption - even if pgp_key
varibale will be without any value (null) or just commented in example/main.tf, terraform will create plain text static_keys