Terraform: Use AWS CLI native config for credentials

Created on 5 Sep 2014  ·  10 Comments  ·  Source: hashicorp/terraform

The AWS CLI uses a standard way of configuring credentials, via an INI file in ~/.aws/config. For convenience and compatibility, terraform could populate the provider attributes from these settings when not explicitly set. This would allow an easy transition from the AWS CLI tools, and encourage users to keep credentials out of their code (!!!).

This should also honor the various ENV vars that point to the proper config file (AWS_CONFIG_FILE) and enable multiple profiles.

enhancement provideaws

All 10 comments

Agreed. Tagged.

@robparrott @mitchellh I've started a rough implementation of this in #801.

Do you think it's worth loading info from both ~/.aws/credentials and ~/.aws/config? It looks like the CLI tools default to storing access/secret keys in credentials, and it seems the only other relevant config option in config is region.

Admittedly I've not used terraform that much, but it seems like region would be best configured in the terraform config files so that by default teams create all their infrastructure in the same region.

Thoughts?

EDIT: It seems Amazon recommend that third parties use ~/.aws/credentials and ignore ~/.aws/config.

It looks like this is already built into goamz/aws. Even though packer prompted for credentials, if I just hit enter it was still able to connect correctly.

We're using the awslabs/aws-sdk-go library, which picks up these things by default now, so I'm going to close this.

This doesn't work, but looks like #2235 should take care of it.

Hi, any update on this? I agree it _should_ just work thanks to aws-sdk-go, but doesn't seem to:

$ echo $AWS_PROFILE
myprofile
$ terraform apply
provider.aws.access_key
* Error configuring aws: access_key: interrupted

Unless I'm missing something?

I agree with the comment on #2235, Packer works well with AWS profiles which is great. No need for storing separate credentials - you can simply use the same mechanism as the AWS CLI tools, e.g.

export AWS_PROFILE=myprofile
packer build packer.json
aws ec2 describe-images --owners self

Looks like there's some overlap with #2235 -- has there been any progress on this? It would be nice to see parity with packer (and many other AWS tools). Specifically, being able to load the credentials out of the ~/.aws/credentials file instead of having to manually extract them and set an environment variable would be very nice (ex: no more putting credentials in your shell's history).
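
As an added illustration (not code from Terraform, aws-sdk-go, or any commenter in this thread), the Go sketch below models the lookup being requested: explicit environment keys first, then the profile named by AWS_PROFILE in text laid out like ~/.aws/credentials. `Resolve`, `parseProfiles`, `Creds` and the sample values are hypothetical, and the precedence order is a simplified assumption, not the SDK's full provider chain.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in the ~/.aws/credentials layout; every value is a placeholder.
const sampleINI = `[default]
aws_access_key_id = EXAMPLE_ID_DEFAULT
aws_secret_access_key = example-secret-default
[myprofile]
aws_access_key_id = EXAMPLE_ID_MYPROFILE
aws_secret_access_key = example-secret-myprofile`

type Creds struct{ AccessKey, SecretKey, Source string }

// parseProfiles reads "[name]" headers followed by "key = value" lines.
func parseProfiles(ini string) map[string]map[string]string {
	profiles, section := map[string]map[string]string{}, ""
	for _, raw := range strings.Split(ini, "\n") {
		line := strings.TrimSpace(raw)
		if strings.HasPrefix(line, "[") {
			section = strings.Trim(line, "[] ")
			profiles[section] = map[string]string{}
		} else if kv := strings.SplitN(line, "=", 2); len(kv) == 2 && section != "" && line[0] != '#' && line[0] != ';' {
			profiles[section][strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
		}
	}
	return profiles
}

// Resolve (simplified model, an assumption): environment keys win, then the AWS_PROFILE profile or "default".
func Resolve(env map[string]string, ini string) (Creds, error) {
	if id, sec := env["AWS_ACCESS_KEY_ID"], env["AWS_SECRET_ACCESS_KEY"]; id != "" && sec != "" {
		return Creds{id, sec, "env"}, nil
	}
	name := env["AWS_PROFILE"]
	if name == "" {
		name = "default"
	}
	p := parseProfiles(ini)[name]
	if p["aws_access_key_id"] == "" || p["aws_secret_access_key"] == "" {
		return Creds{}, fmt.Errorf("no usable credentials for profile %q", name) // fail closed, no silent fallback
	}
	return Creds{p["aws_access_key_id"], p["aws_secret_access_key"], "profile:" + name}, nil
}

func main() { fmt.Println(Resolve(map[string]string{"AWS_PROFILE": "absent"}, sampleINI)) }
```

A profile that is named but missing returns an error instead of quietly using `[default]`, so a typo in AWS_PROFILE cannot apply changes with the wrong account's keys.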

Totally +1 on this. As a newcomer to terraform, I find the initial "put your credentials here" quite off-putting, even if they can be stored in variables as mentioned in the quickstart:

https://www.terraform.io/intro/getting-started/build.html
https://www.terraform.io/intro/getting-started/variables.html

I want to have my credentials all in one place instead of copied over different formats that terraform (or potentially other software) can understand.

Seems like having credentials in one place instead of 2+ would be more secure too.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
