Skip to main content

AWS Static Credentials

Follow these steps to authenticate against AWS

1. Create a new IAM user

An IAM user with programmatic credentials is used to create your cloud resources.


1. Sign in to the AWS Management Console and navigate to the IAM console

2. Choose Users then Add Users

3. User name: terrateam

4. Select Access key - Programmatic access

5. Select Next: Permissions

6. Select Attach existing policies directly

7. Select PowerUserAccess

PowerUserAccess is an AWS managed IAM policy.

This policy provides full access to AWS services and resources, but does not allow management of Users and groups.

This IAM policy is merely a suggestion. Choose whichever IAM policy makes the most sense for your organization.

8. Select Next: Tags

9. Select Next: Review

10. Select Create user

11. Record the Access key ID and Secret access key

2. Add AWS credentials to GitHub Secrets

Credentials are securely stored in GitHub Secrets and exposed as obfuscated environment variables in the Terrateam GitHub Action.

GitHub Secrets for AWS authentication are typically named:

  1. Log into GitHub
  2. Navigate to the main page of your Terraform repository on GitHub
    • Example:
  3. Click ⚙️ Settings
  4. In the left sidebar, click Secrets Actions
  5. Click New repository secret
  • Value: <Your access key id>
  1. Click New repository secret
  • Value: <Your secret access key>
  1. Start using Terrateam by creating a pull request

AWS Provider Configuration Example

The aws provider automatically detects and uses the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables defined in the Terrateam GitHub Action runtime environment.


The following is an example configuration that can be used with your newly created AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY GitHub secrets.

provider "aws" {
region = "us-west-2"