How to make Terraform to read AWS Credentials file?

Question

I am trying to create an AWS S3 bucket using terraform and this is my code:

provider "aws" {
  profile = "default"
  region  = "ap-south-1"
}

resource "aws_s3_bucket" "first_tf" {
  bucket = "svk-pl-2909202022"
  acl    = "private"
}

I have manually created the "Credentials" file using Notepad and also removed the ".txt" extension using Powershell and stored that file in C:\Users\terraform\.aws, and that file is like this:

[default]
aws_access_key_id=**************
aws_secret_access_key=************

But when I try to run terraform plan, I get an error which says

ERROR: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found

Then, I also tried to create that "Credentials" file by installing AWS CLI, I ran the command

aws configure --profile terraform

where terraform was my username. So, it asked me to enter aws_access_key_id and aws_secret_access_key. and after entering all the credentials, I ran the command terraform init, which ran successfully but when I ran terraform plan, it shows the error again which says:

ERROR: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found

Answer 1

When you create a profile manually

provider "aws" {
  region                  = "your region"
  shared_credentials_file = "path_file_credentials like C:\Users\terraform\.aws\credentials"
  profile                 = "profile_name"
}

When you don't want to put your shared file manually

That needs to be in this path %USERPROFILE%.aws\credentials

provider "aws" {
  region                  = "your region"
  profile                 = "profile_name"
}

If you want to put your credentials in a tf file

provider "aws" {
  region     = "us-west-2"
  access_key = "my-access-key"
  secret_key = "my-secret-key"
}

Answer 2

The path where you are storing the credentials file is wrong.

C:\Users\your-username\.aws

You can add these below files in the above location.

credentials

[default]
aws_access_key_id = your access key
aws_secret_access_key = your secret key

config

[default]
region=ap-south-1

And you don't need to configure any thing into terraform or python if you're using boto3. Terraform and boto3 will automatically find the desired credentials file.

Answer 3

You have to set up a custom section in your credentials file with the command

aws configure --profile=prod 

in order to use env variable like this.

Answer 4

when you have AWS cli already installed in local then go to config file path: %USERPROFILE%\.aws\credentials Update Credentials as below:

[default]
aws_access_key_id = "xxxxx"
aws_secret_access_key = "xxxxx"
region= us-east-1

Answer 5

I've spent quite a bit of time trying to figure out how to get Terraform to read ~/.aws/credentials. The only option that worked for me was specifying AWS_PROFILE environment var to point it to the specific section of the credentials file.

AWS_PROFILE=prod terraform plan

or

export AWS_PROFILE=prod 
terraform plan

The fact that the shared_credentials_file and/or the profile options in the provider section get ignored looks like a bug to me.