Question posted in 
I am using Terraform aws provider and I want create IAM user access key using aws_iam_access_key{} resource. But I don’t know how to retrieve the secret key. I create the resource like this:
resource "aws_iam_access_key" "main_user_access_key" {
user = aws_iam_user.main_user.name
}
And then I use Terraform output block like that:
output "main_user_secret_key" {
value = aws_iam_access_key.main_user_access_key.encrypted_ses_smtp_password_v4
sensitive = true
}
And use another Terraform output block in the root module:
output "main_module_outputs" {
value = module.main
}
But after doing all these steps all I get of output is "tostring(null)"
"main_user_secret_key" = tostring(null)
Has anyone encountered similar problem ? What am I doing wrong and how could this be solved ?
2
Answers
The problem was me not specifying the
pgp_keyargument and usingencrypted_ses_smtp_password_v4attribute instead ofencrypted_secretin the output. I did not read the documentation carefully telling that the attribute will only be generated ifpgp_keyis specified.Things seem to be working now and the secret key gets generated.
The
pgp_keyargument in theaws_iam_access_keyresource encrypts the secret access key using a PGP (Pretty Good Privacy) key. so when you include apgp_key, Terraform provides encrypted versions of the secret key through attributes likeencrypted_secret.This will normally solve it out.