Tags: amazon-web-services, terraform, amazon-iam, aws-secrets-manager

Automatically storing terraform AWS IAM access key output into paramstore or secrets


Does Terraform have some native functionality to take aws_iam_access_key access key and secret access key output and place this in something like AWS paramstore or AWS secrets?

I'm looking to reduce any number of manual steps in the terraform creation of an AWS IAM user, so that the access and secret key are safely stored.

Reference: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_access_key


Solution

  • Yes, you just need to pass those values to a new SecretsManager Secret resource (just like you would do to create anything else in Terraform). If you want to store multiple values in a JSON Secret then you could use the jsonencode function.

    # The user the key belongs to (the original snippet referenced it without defining it).
    resource "aws_iam_user" "lb" {
      name = "loadbalancer"
    }
    
    # pgp_key is left unset: when pgp_key is given, the provider populates only
    # encrypted_secret and leaves the plaintext `secret` attribute empty, so
    # nothing usable would reach Secrets Manager. Without pgp_key the plaintext
    # secret is written to the Terraform state, so protect the state file.
    resource "aws_iam_access_key" "lb" {
      user = aws_iam_user.lb.name
    }
    
    resource "aws_secretsmanager_secret" "example" {
      name = "example"
    }
    
    # Store both halves of the credential as a single JSON secret.
    resource "aws_secretsmanager_secret_version" "example" {
      secret_id     = aws_secretsmanager_secret.example.id
      secret_string = jsonencode({
        id  = aws_iam_access_key.lb.id
        key = aws_iam_access_key.lb.secret
      })
    }
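The question also asks about Parameter Store, which the answer above does not cover. The following is an added example, not part of the original answer, showing the same access key written to an SSM SecureString parameter encrypted with a customer-managed KMS key. The resource names, the parameter path `/svc-user/access-key`, and the user name `svc-user` are assumptions.

```hcl
# Added example: store the generated key pair in SSM Parameter Store rather
# than Secrets Manager. Resource names, the parameter path and the user name
# are assumptions, not values from the original answer.
resource "aws_iam_user" "svc" {
  name = "svc-user"
}

# pgp_key is deliberately not set so that the plaintext `secret` attribute is
# populated. The plaintext is then held in Terraform state; protect that state.
resource "aws_iam_access_key" "svc" {
  user = aws_iam_user.svc.name
}

# A customer-managed key so that access to the parameter can be restricted
# through the key policy, separately from ssm:GetParameter permissions.
resource "aws_kms_key" "params" {
  description = "Encrypts SecureString parameters for svc-user"
}

# SecureString parameters are encrypted at rest with the given KMS key and
# are only returned decrypted to callers that hold kms:Decrypt on that key.
resource "aws_ssm_parameter" "svc_key" {
  name   = "/svc-user/access-key"
  type   = "SecureString"
  key_id = aws_kms_key.params.key_id
  value = jsonencode({
    access_key_id     = aws_iam_access_key.svc.id
    secret_access_key = aws_iam_access_key.svc.secret
  })
}

# Expose only the non-secret identifier; the secret stays in the parameter.
output "svc_access_key_id" {
  value = aws_iam_access_key.svc.id
}
```

After `terraform apply`, a principal with `ssm:GetParameter` on the parameter and `kms:Decrypt` on the key can read it back with `aws ssm get-parameter --name /svc-user/access-key --with-decryption`. Note that in both variants the plaintext secret also lives in the Terraform state, so the state backend needs the same access controls as the secret store itself.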