This repository was archived by the owner on Feb 5, 2024. It is now read-only.
This repository was archived by the owner on Feb 5, 2024. It is now read-only.
Docs: Research aws-vault usage with instructions for MFA for IAM roles stuff. #38
Description
Things like:
$ STAGE=sandbox aws-vault exec <superadmin-user> -- yarn tf:service:applyWill hit errors like:
14 errors occurred:
* module.serverless_vpc.aws_iam_policy.developer: 1 error occurred:
* aws_iam_policy.developer: Error creating IAM policy tf-simple-reference-sandbox-developer-vpc: InvalidClientTokenId: The security token included in the request is invalid
status code: 403, request id: 2ba766b9-356d-41cb-bc8e-fe5445760c6e
... similar stuff ...
If they are creating/deleting IAM roles from normal aws-vault usage.--no-session gets around this, but underlying issues:
- InvalidClientTokenId error when creating IAM role with vault credentials and terraform 99designs/aws-vault#266
- Credentials not good enough for IAM operations 99designs/aws-vault#455
Task
- Come up with way for MFA to work as normal.
- Document how to apply this for the IAM (or all) commands
Reactions are currently unavailable