I want to point out that storing tokens in s3 can be dangerous, if not configured correctly.
Make sure that you have understood how policies in AWS and access control in s3 works!. https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html
With that out of the way, this is what I have come up with:
# The user to which we will grant access to s3
resource "aws_iam_user" "user" {
name = "s3-user"
path = "/"
}
# Create the access key
resource "aws_iam_access_key" "key" {
user = aws_iam_user.user.name
}
# Create the bucket for storing tokens
resource "aws_s3_bucket" "token" {
bucket = "my_token_bucket"
acl = "private"
}
# Create the object inside the token bucket
resource "aws_s3_bucket_object" "tokens" {
bucket = aws_s3_bucket.token.id
key = "keys.txt"
server_side_encryption = "AES256"
content_type = "text/plain"
content = <<EOF
access_id: ${aws_iam_access_key.key.id}
access_secret: ${aws_iam_access_key.key.secret}
EOF
}
I haven’t tested this.
1
solved Creating IAM user via terraform and upload the secret key and access key in S3 bucket