Commit Graph

25 Commits

Author SHA1 Message Date
Ian Duffy
767914bbdc [GH-1275] Support for AWS access via IAMs AssumeRole functionality
This commit enables terraform to utilise the assume role functionality
of sts to execute commands with different privileges than the API
keys specified.

Signed-off-by: Ian Duffy <ian@ianduffy.ie>
2016-09-02 10:22:57 -07:00
Renier Morales
c2bcb5fbe5 Skip IAM/STS validation and metadata check (#7874)
* Skip IAM/STS validation and metadata check

* Skip IAM/STS identity validation - For environments or other api
  implementations where there are no IAM/STS endpoints available, this
  option lets you opt out from that provider initialization step.
* Skip metdata api check - For environments in which you know ahead of
  time there isn't going to be a metadta api endpoint, this option lets
  you opt out from that check to save time.

* Allow iam/sts initialization even if skipping account/cred validation

(#7874)

* Split out skip of IAM validation into credentials and account id

(#7874)
2016-08-10 15:10:34 +01:00
John Engelman
14f6f90621 Support standard AWS config in the S3 remote backend. (#5270) 2016-05-06 17:52:18 +01:00
Paul Hinze
ba21769083 Merge pull request #2903 from kjmkznr/remote-s3-sse-kms
state/remote/s3: Allows KMS Key Encryption setting when using S3 backend with encrypt
2016-01-19 18:54:03 -06:00
Sander van Harmelen
9b27db6fea Add the option to specify a custom (AWS compatible) S3 endpoint
Same fix/option as I added in Vault not too long ago:
https://github.com/hashicorp/vault/pull/750
2016-01-11 14:28:52 +01:00
Rafal Jeczalik
9e66e18334 provider/aws: fix for https://github.com/aws/aws-sdk-go/issues/452 2015-11-24 09:30:21 +01:00
Paul Hinze
cadbbbae08 aws: fix build after upstream breaking change
see
1a69d06935
2015-10-29 18:52:10 -05:00
Jeff Mitchell
1373a6086b Use cleanhttp for new http clients 2015-10-22 14:23:59 -04:00
Jeff Mitchell
b0ceffc322 Remove usage from dependencies as well. Other dependencies need upstream merging to completely solve this. 2015-10-19 12:06:34 -04:00
Kazunori Kojima
9186c29dd8 Fix typo 2015-10-07 23:39:08 +09:00
Kazunori Kojima
576b2d1109 Change KMS Key ID configuration name to used in other 2015-10-07 23:09:03 +09:00
Kazunori Kojima
ba8f1fa1f0 Add support S3 server side encryption with KMS.
* Example

```
terraform remote config \
  -backend=s3
  -backend-config="bucket=bucket-tfstate"
  -backend-config="key=terraform.tfstate"
  -backend-config="region=ap-northeast-1"
  -backend-config="encrypt=1"
  -backend-config="kmsKeyID=arn:aws:kms:ap-northeast-1:123456789:key/ac54dbd2-f301-42c1-bab9-88e6a84292a9"
```
2015-10-07 23:03:55 +09:00
Martin Atkins
ccc8f0d0fb S3 remote state use application/json Content-Type.
The state is always JSON, in spite of the fact that this interface
presents it as an opaque byte array. It's more helpful to those interacting
with the state object outside of Terraform for it to have a more specific
content-type.
2015-10-03 18:02:36 -07:00
Radek Simko
3d77d158f7 remote/s3: Add support for ACL 2015-09-14 10:40:46 +01:00
Paul Hinze
1a44b427a7 state/remote/s3: match with upstream changes 2015-08-10 15:46:22 -05:00
Clint Shryock
579ccbefea provider/aws: Update source to comply with upstream breaking change 2015-07-28 15:29:46 -05:00
Mitchell Hashimoto
e135ff546a state/remote: clean up the encryption flag stuff
/cc @hobbeswalsh
2015-06-25 09:23:12 -07:00
Robin Walsh
ad17cf55a0 Allowing at-rest encryption when using S3
This change allows the user to specify `-backend-config="encrypt=1"`
to tell S3 to encrypt the data that's in the bucket when using S3
for remote config storage.

The encryption uses "Amazon S3-managed encryption keys" so it should
not require any further user intervention.

A line was added to the unit test just for coverage.
The acceptance test was modified to:
  a) Use encryption
  b) Push some test data up to the bucket created to ensure
     that Amazon accepts the header.
2015-06-19 11:33:03 -07:00
Paul Hinze
b71fa3d0ae provider/aws: handle upstream aws-sdk-go repo move
`awslabs/aws-sdk-go => aws/aws-sdk-go`

Congrats to upstream on the promotion. :)
2015-06-03 13:36:57 -05:00
Clint Shryock
883e2848c6 update remote state s3 file to fix error 2015-05-20 15:20:30 -05:00
Paul Hinze
31258e06c6 provider/aws: fix breakages from awserr refactor
This landed in aws-sdk-go yesterday, breaking the AWS provider in many places:

3c259c9586

Here, with much sedding, grepping, and manual massaging, we attempt to
catch Terraform up to the new `awserr.Error` interface world.
2015-05-20 06:21:23 -05:00
Sander van Harmelen
897bf5e53d Added SharedCredentialsProvider and EC2RoleProvider as well... 2015-05-05 20:38:35 +02:00
Sander van Harmelen
5435815524 Fixing PR #1804 2015-05-05 20:30:35 +02:00
Sander van Harmelen
7274de3c1d Small fix needed to be inline with the updated AWS SDK again...
Executed a couple of AWS ACC test as well to make sure everything works
properly again after this fix…
2015-05-05 12:26:26 +02:00
Martin Atkins
53e93d6f63 S3 remote stage storage backend, against the new remote state API.
Stores state in a particular key in a given S3 bucket.
2015-04-30 09:21:49 -07:00