Terraform: Get AccountID/OwnerID using IAM Credentials on AWS Provider
Hi,
This is a kinda of feature request, not sure if it exists already and I missed.
Can we get AWS AccountID as an attribute to be used in VPC peering connections.
and auto-accept VPC peering connections between different accounts.
Use Case
I have created a VPC module, that has aws profile and its CIDR as a variable.
The _main.tf_ file inside _vpc_ folder
provider "aws" {
region = "us-west-2"
profile = "${var.profile}"
}
The _main.tf_ file uses the same to create VPCs on two different accounts
module "dev_vpc" {
source = "./vpc"
profile = "aws-account-1"
cidr = "10.0.0.0/16"
}
module "prod_vpc" {
source = "./vpc"
profile = "aws-account-2"
cidr = "10.1.0.0/16"
}
After this I'm trying to peer those two VPCs, using vpc_peer module, which also uses var.profile to create the request
The _main.tf_ file inside _vpc_peer_ folder
provider "aws" {
region = "us-west-2"
profile = "${var.profile}"
}
resource "aws_vpc_peering_connection" "vpc_peer" {
peer_owner_id = "${var.to_owner_id}"
peer_vpc_id = "${var.to_vpc_id}"
vpc_id = "${aws_vpc.from_vpc_id}"
}
And calling the module like this on the _main.tf_
module "vpc_peer" {
source = "./vpc_peer"
to_owner_id = "<HARD-CODING-THIS>"
to_vpc_id = "${module.prod_vpc.vpc_id}"
from_vpc_id = "${module.dev_vpc.vpc_id}"
profile = "aws-account-1"
region = "us-west-2"
}
OwnerID of the remote VPC is hard coded on this right now
_ to_owner_id = "HARD-CODING-THIS"_
Do terraform support, getting OwnerID using the IAM credentials already?
Hope this feature would be nice, for automated peering connections
Kind of aws sts get-caller-identity
{
"Account": "xxxxxxxxxxxxxxxxx",
.....
}
Same with auto-accept, providing credentials for both accounts as profiles
shanmugakarna
All 3 comments
:+1:
koby-meir
on 9 Sep 2016
Hi @shanmugakarna
aws_caller_identity data source was added in 0.7.1. See related documentation at https://www.terraform.io/docs/providers/aws/d/caller_identity.html
Taking your example I assume you'd use it roughly like this:
data "aws_caller_identity" "current" { }
module "vpc_peer" {
source = "./vpc_peer"
to_owner_id = "${data.aws_caller_identity.current.account_id}"
to_vpc_id = "${module.prod_vpc.vpc_id}"
from_vpc_id = "${module.dev_vpc.vpc_id}"
profile = "aws-account-1"
region = "us-west-2"
}
assuming you need the account ID gathered via default AWS provider. Otherwise data sources also support provider aliases:
provider "aws" {
alias = "dev"
profile = "dev-profile"
}
provider "aws" {
alias = "prod"
profile = "prod-profile"
}
data "aws_caller_identity" "dev" {
provider = "aws.dev"
}
data "aws_caller_identity" "prod" {
provider = "aws.prod"
}
radeksimko
on 11 Sep 2016
I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
![hashibot[bot] picture](https://avatars2.githubusercontent.com/in/8332?v=4&s=40)
hashibot[bot]
on 22 Apr 2020
Related issues
zeninfinity
ยท
3Comments
cpoole
ยท
3Comments
rkulagowski
ยท
3Comments
franklinwise
ยท
3Comments
ronnix
ยท
3Comments
Most helpful comment
Hi @shanmugakarna
aws_caller_identitydata source was added in0.7.1. See related documentation at https://www.terraform.io/docs/providers/aws/d/caller_identity.htmlTaking your example I assume you'd use it roughly like this:
assuming you need the account ID gathered via default AWS provider. Otherwise data sources also support provider aliases: