Vault: Registers the AWS User credentials in Vault. Note: Please do not register the ROOT User tokens from your AWS instance.
This function registers in Vault the AWS User credentials that are used to get the Access Key ID and Secret Access Key for Users and roles in AWS.
Examples of the trust policy and IAM User policy required in AWS are listed under Details.
Usage
config_aws_root_creds(
  url = NULL,
  token = NULL,
  aws_key = NULL,
  aws_secret = NULL,
  aws_region = NULL
)
Arguments
- url
URL of the HashiCorp Vault instance.
- token
Token from user/github/approle/etc. registered in Vault.
- aws_key
AWS Access Key ID from IAM User registered in AWS.
- aws_secret
AWS Secret Access Key from IAM User registered in AWS.
- aws_region
AWS Region in which the IAM User is registered.
Value
Writes the AWS Access Key ID, AWS Secret Access Key, and Region used by the registered IAM User in AWS to Vault.
Details
Example Trust Policy required in AWS:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:user/VAULT-AWS-ROOT-CONFIG-USER-NAME"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
Example IAM User Policy required in AWS:
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": "arn:aws:iam::ACCOUNT-ID-WITHOUT-HYPHENS:role/RoleNameToAssume"
  }
}
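A pre-registration check for the two policies above, as an added example that is not part of this package: it flags a trust policy that admits more than named IAM users and a user policy whose sts:AssumeRole grant is not pinned to one role. The function names, the account ID 123456789012 and the user name vault-config-user are constructed for illustration.

```python
import json

def _as_list(value):
    # IAM accepts either a single value or a list in these positions.
    return [] if value is None else value if isinstance(value, list) else [value]

def _allows_assume_role(stmt):
    actions = [a.lower() for a in _as_list(stmt.get("Action"))]
    return stmt.get("Effect") == "Allow" and any(
        a in ("sts:assumerole", "sts:*", "*") for a in actions)

def lint_trust_policy(doc):
    """Flag trust statements wider than named IAM users."""
    findings = []
    for stmt in _as_list(json.loads(doc).get("Statement")):
        if not _allows_assume_role(stmt):
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        for arn in _as_list(aws):
            if arn == "*":
                findings.append("trust: any principal may assume the role")
            elif arn.endswith(":root") or arn.isdigit():
                findings.append("trust: whole account trusted: " + arn)
            elif ":user/" not in arn:
                findings.append("trust: not an IAM user: " + arn)
    return findings

def lint_user_policy(doc):
    """Flag sts:AssumeRole grants not pinned to a named role ARN."""
    findings = []
    for stmt in _as_list(json.loads(doc).get("Statement")):
        if not _allows_assume_role(stmt):
            continue
        for res in _as_list(stmt.get("Resource")):
            if ":role/" not in res or "*" in res:
                findings.append("user: not one named role: " + res)
    return findings

# Constructed samples: the page's two policies with placeholder values filled in.
ACCT = "arn:aws:iam::123456789012"
def _policy(stmt):
    return json.dumps({"Version": "2012-10-17", "Statement": stmt})
GOOD_TRUST = _policy([{"Effect": "Allow", "Action": "sts:AssumeRole",
                       "Principal": {"AWS": ACCT + ":user/vault-config-user"}}])
WIDE_TRUST = _policy([{"Effect": "Allow", "Action": "sts:AssumeRole",
                       "Principal": {"AWS": ACCT + ":root"}}])
GOOD_USER = _policy({"Effect": "Allow", "Action": "sts:AssumeRole",
                     "Resource": ACCT + ":role/RoleNameToAssume"})
WIDE_USER = _policy({"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "*"})
```

An empty list from both functions means the policies match the shape of the examples in Details.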