It’s always a good practice to keep your authentication/authorization details out of your code (or anything that’ll be shared with others via source control, etc.). So when working with AWS and Terraform, how do you securely tell it what your AWS credentials are?

The answer: $HOME/.aws/credentials

(On Windows, "%USERPROFILE%\.aws\credentials".)

This is going to be a plain text file named “credentials” in that directory. A minimal implementation will contain just 3 lines. Here’s an example:


Where do I get those two keys?

Once logged into the AWS Console, click your username at the top, then, “My Security Credentials”, then “Create New Access Key”. You’ll only see this ONCE when you create it, so copy/paste that keypair somewhere safe.

…somewhere like $HOME/.aws/credentials.

How do I tell Terraform to use this file?

You don’t have to - if it’s named and placed as above, it’ll pick up those credentials automatically.