AWS Multi-Account Strategy

It's possible to use a different set of credentials for operations against multiple resources.

In this example, we'll configure credentials for a QA and Production environment and use each set of credentials against a different resource.

  1. Create the following GitHub Secrets in your Terraform repository

    • QA_AWS_ACCESS_KEY_ID
    • QA_AWS_SECRET_ACCESS_KEY
    • PROD_AWS_ACCESS_KEY_ID
    • PROD_AWS_SECRET_ACCESS_KEY
  2. Add the following hooks to your Terrateam configuration file

hooks:
  plan:
    pre:
      # Set AWS credentials and profile for the QA environment
      - type: run
        cmd: ["aws", "configure", "set", "aws_access_key_id", "$QA_AWS_ACCESS_KEY_ID", "--profile", "qa"]
      - type: run
        cmd: ["aws", "configure", "set", "aws_secret_access_key", "$QA_AWS_SECRET_ACCESS_KEY", "--profile", "qa"]
      # Set AWS credentials and profile for the Production environment
      - type: run
        cmd: ["aws", "configure", "set", "aws_access_key_id", "$PROD_AWS_ACCESS_KEY_ID", "--profile", "production"]
      - type: run
        cmd: ["aws", "configure", "set", "aws_secret_access_key", "$PROD_AWS_SECRET_ACCESS_KEY", "--profile", "production"]
    post: []
  apply:
    pre:
      # Set AWS credentials and profile for the QA environment
      - type: run
        cmd: ["aws", "configure", "set", "aws_access_key_id", "$QA_AWS_ACCESS_KEY_ID", "--profile", "qa"]
      - type: run
        cmd: ["aws", "configure", "set", "aws_secret_access_key", "$QA_AWS_SECRET_ACCESS_KEY", "--profile", "qa"]
      # Set AWS credentials and profile for the Production environment
      - type: run
        cmd: ["aws", "configure", "set", "aws_access_key_id", "$PROD_AWS_ACCESS_KEY_ID", "--profile", "production"]
      - type: run
        cmd: ["aws", "configure", "set", "aws_secret_access_key", "$PROD_AWS_SECRET_ACCESS_KEY", "--profile", "production"]
    post: []

  3. Use the desired profile in your AWS provider configuration in your Terraform repository

ec2/qa/main.tf

provider "aws" {
  profile = "qa"
}

ec2/production/main.tf

provider "aws" {
  profile = "production"
}

See the official AWS Provider documentation for more details.
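
With both profiles present on the same runner, a directory whose provider block names the wrong profile (or none) plans and applies with another environment's credentials. The following check is an added example, not part of Terrateam or the original page: it assumes the environment is a path component (`qa`, `production`) as in the layout above, the function names and sample files are constructed for illustration, and the brace matching is a simplification that does not handle braces inside HCL comments or strings.

```python
import re
from pathlib import PurePosixPath

# Assumption: a path component names the environment, as in the page's
# ec2/qa and ec2/production layout, and maps to the profile of the same name.
EXPECTED_PROFILE = {"qa": "qa", "production": "production"}
PROVIDER_RE = re.compile(r'provider\s+"aws"\s*\{')
PROFILE_RE = re.compile(r'^\s*profile\s*=\s*"([^"]*)"', re.MULTILINE)

def provider_bodies(hcl):
    """Yield the body of each provider "aws" block, honouring nested braces."""
    for m in PROVIDER_RE.finditer(hcl):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield hcl[m.end():i - 1]

def check_file(path, hcl):
    """Return findings for one Terraform file (empty list means it passes)."""
    envs = [p for p in PurePosixPath(path).parts if p in EXPECTED_PROFILE]
    if not envs:
        return []  # not under a known environment directory
    expected = EXPECTED_PROFILE[envs[0]]
    bodies = list(provider_bodies(hcl))
    if not bodies:
        return [f'{path}: no provider "aws" block found']
    findings = []
    for body in bodies:
        m = PROFILE_RE.search(body)
        if m is None:
            findings.append(f"{path}: no profile set, default credential chain is used")
        elif m.group(1) != expected:
            findings.append(f"{path}: profile {m.group(1)!r}, expected {expected!r}")
    return findings

# Constructed sample files; the second and third are wrong on purpose.
SAMPLE = {
    "ec2/qa/main.tf": 'provider "aws" {\n  profile = "qa"\n}\n',
    "ec2/production/main.tf": 'provider "aws" {\n  profile = "qa"\n}\n',
    "ec2/production/db.tf": 'provider "aws" {\n  region = "us-east-1"\n}\n',
}

if __name__ == "__main__":
    for path, hcl in SAMPLE.items():
        for finding in check_file(path, hcl):
            print(finding)
```

Run over the repository's `.tf` files in CI or as an additional pre-plan step, a non-empty result should fail the run before any credentials are used.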