Provisioning into a cloud account requires credentials. Static credentials are easy, but can be risky. A tool such as HashiCorp Vault can help generate short lived (“dynamic”) credentials, but that requires Vault, along with some external automation or added Terraform code. Is there another approach that will increase security and reduce risk, with little manual effort?

What You’ll Learn

In this talk Andy will show how the newly released Terraform Cloud Agent can be used to leverage the cloud provider IAM systems to generate short lived credentials with limited blast radius. This approach eliminates the need to place cloud credentials in your Terraform workspaces, and fully supports your multi-account strategy.

Speaker: Andy Assareh

Slides available here

#terraform