You're going to need a new IAM User to interact with the AWS API from Terraform. This is because you have to generate an access and secret key pair. It's this set of keys that we need to use to authenticate against the AWS API.
The process of creating an IAM User is quite lengthy and extremely well documented in the official documentation. In light of this, we suggest you read the instructions on the "Creating IAM users (console)" page, but keep the following information in mind as you make your way through the list.
All of the below details are "at the time of writing" and may no longer be correct. Let us know if you spot a discrepancy and we can update the book accordingly.
Programmatic and Console Access
Step 4 in the official documentation ("Creating IAM users (console)") states:
Select the type of access this set of users will have. You can select programmatic access, access to the AWS Management Console, or both.
You will need to select both "Programmatic access" and "AWS Management Console access". You're going to need AWS API keys ("Programmatic access") and web console access ("AWS Management Console access") so that you can check your work after Terraform has completed.
Check out this screenshot for what this looks like:
Step 4.b, "Require password reset", is an optional step you can select. Ultimately this is up to you - you can try forcing a new password prompt on first login for the experience - but you don't really need to do this given you're creating this account for yourself.
At step 6 you're offered the chance to define the permissions your new user account will have. Select "Attach existing policies directly" and choose the following policies:
This looks like this:
The section in point 7 on "Set permissions boundary" can be ignored.
No tags are needed at this point.
An important part of this process is step 11, the very last step in the process. You'll have the chance now to grab several key pieces of information:
Access key ID
Secret access key
You can see this in the screenshot below:
The details in this screenshot have been deleted since publishing this image for obvious reasons. I've included them here so you can see a complete solution and compare it to your own results.
You'll notice there's an option to the far right: "Send email". This is a good idea if you want to send yourself an instructional email on how to use these credentials.
The access and secret keys are what we're going to be using later on, so make sure you store these in a password manager.
Multi-Factor Authentication (MFA)
We highly recommend you set up MFA on both your AWS root account and the new IAM User you just created.
This process has been documented here.
Now that we have an AWS account and a new IAM User, we can install the AWS CLI tools into our VM and check everything is working as expected.