
I’m facing an issue; the status code is 401:

"creating ec2 instance: authfailure: aws was not able to validate the provided access credentials │ status code: 401, request id: d103063f-0b26-4b84-9719-886e62b0e2b1"

The instance code:

resource "aws_instance" "test-EC2" {
    instance_type = "t2.micro"
    ami = "ami-07ffb2f4d65357b42"
}

I have checked the AMI region; it is still not working.

Any help would be appreciated.

I am looking for a way to create and destroy tokens via the management console provided by AWS. I am learning about terraform AWS provider which requires an access key, a secret key and a token.

3

Answers


  1. Do you have an aws provider defined in your terraform configuration?

    provider "aws" {
      region     = var.aws_region
      profile    = var.aws_profile
    }
    
  2. If you are running this locally, please have an IAM user profile set (use aws configure) and export that profile in your current session.

    aws configure --profile xxx

    export AWS_PROFILE=xxx

    Once you have the profile set, this should work.

    If you are running this deployment in any pipeline like GitHub Actions, you could also make use of OpenID Connect to avoid any access key and secret key.

    Please find the detailed setup for OpenID Connect here.

  3. As stated in the error message:
    "creating ec2 instance: authfailure: aws was not able to validate the provided access credentials │ status code: 401, request id: d103063f-0b26-4b84-9719-886e62b0e2b1".

    It is clear that terraform is not able to authenticate itself using terraform AWS-provider.

    You have to have a provider block in your terraform configuration to use one of the supported ways to get authenticated.

    provider "aws" {
      region = var.aws_region
    }
    

    In general, the following are the ways to get authenticated to AWS via the AWS-terraform provider.

    • Parameters in the provider configuration
    • Environment variables
    • Shared credentials files
    • Shared configuration files
    • Container credentials
    • Instance profile credentials and region

    For more details, please take a look at: https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration

    By default, if you are already programmatically signed in to your AWS account, AWS-terraform provider will use those credentials.

    For example:

    • If you are using aws_access_key_id and aws_secret_access_key to authenticate yourself, then you might have a profile for these credentials. You can check this info in your $HOME/.aws/credentials config file.

      • Export the profile using the below command and you are good to go.
    export AWS_PROFILE="name_of_profile_using_secrets"
    
    • If you have an SSO user for authentication

      • Then you might have an SSO profile available in $HOME/.aws/config. In that case you need to sign in with the respective AWS SSO profile using the below command
    aws sso login --profile <sso_profile_name>
    
    • If you don’t have an SSO profile yet, you can also configure it using the below commands and then export it.
    aws configure sso
    [....] # configure your SSO 
    export AWS_PROFILE=<your_sso_profile>
    
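An added example, not part of any answer above and not code from Terraform or the AWS provider: a POSIX shell function that reports which credential source from the list in answer 3 is present in the current session, so you can see what the provider would find before running `terraform apply`. It assumes the standard AWS environment variable names and default file locations; the function name `cred_source` and its output labels are made up for this example, and provider-block parameters and instance profiles are not inspected.

```shell
#!/bin/sh
# Added example; cred_source and its labels are hypothetical names.
# Walks the local credential sources in the order answer 3 lists them and
# prints the first one found. Only variable presence and section headers
# are inspected; no secret value is printed.

cred_source() {
    # Environment variables: both halves of the key pair must be set.
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        if [ -n "${AWS_PROFILE:-}" ]; then
            echo "note: key variables come before AWS_PROFILE=$AWS_PROFILE in the list" >&2
        fi
        echo "env"; return 0
    fi
    if [ -n "${AWS_ACCESS_KEY_ID:-}" ] || [ -n "${AWS_SECRET_ACCESS_KEY:-}" ]; then
        echo "env-incomplete"; return 1
    fi

    profile="${AWS_PROFILE:-default}"
    creds="${AWS_SHARED_CREDENTIALS_FILE:-${HOME:-}/.aws/credentials}"
    config="${AWS_CONFIG_FILE:-${HOME:-}/.aws/config}"

    # Shared credentials file: the section header is [name].
    if [ -f "$creds" ] && grep -qxF "[$profile]" "$creds"; then
        echo "shared-credentials:$profile"; return 0
    fi

    # Shared configuration file: [default] or [profile name].
    if [ "$profile" = "default" ]; then
        header="[default]"
    else
        header="[profile $profile]"
    fi
    if [ -f "$config" ] && grep -qxF "$header" "$config"; then
        echo "shared-config:$profile"; return 0
    fi

    # Container credentials are announced through these variables.
    if [ -n "${AWS_CONTAINER_CREDENTIALS_RELATIVE_URI:-}" ] ||
       [ -n "${AWS_CONTAINER_CREDENTIALS_FULL_URI:-}" ]; then
        echo "container"; return 0
    fi

    echo "none-local"; return 1
}

cred_source || true
```

If this prints `env` while you expected a profile to be used, the exported key variables are the ones to check or unset; `env-incomplete` means only one of the two key variables is set.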