# Port the instance-side web server listens on. The same value feeds the
# launch configuration's user_data, the instance security group rule, and the
# ELB listener and health check, so those four places cannot drift apart.
variable "server_port" {
  description = "web server port"
  default     = 8080
}
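# Launch template for the instances in the Auto Scaling group: a fixed AMI,
# a t2.micro, the instance security group, and a boot script that serves a
# static page over plain HTTP on var.server_port.
resource "aws_launch_configuration" "example" {
  # NOTE(review): AMI IDs are region-specific; confirm this one exists in the
  # region the provider is configured for.
  image_id        = "ami-0bea7fd38fabe821a"
  instance_type   = "t2.micro"
  security_groups = ["${aws_security_group.instance.id}"]

  # Fixed: the original invoked "busynox", which is not a command. The web
  # server would never start, the ELB health check on HTTP:<port>/ would never
  # pass, and with health_check_type = "ELB" the group would keep replacing
  # instances. The binary is "busybox".
  user_data = <<-EOF
    #!/bin/bash
    echo "Hello, World" > index.html
    nohup busybox httpd -f -p "${var.server_port}" &
    EOF

  # Build the replacement configuration before the old one is destroyed, so
  # the Auto Scaling group is never left pointing at a deleted configuration.
  lifecycle {
    create_before_destroy = true
  }
}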
# Auto Scaling group of 2 to 10 instances built from the launch configuration
# above and registered with the classic ELB.
# NOTE(review): no availability_zones / vpc_zone_identifier is visible in this
# excerpt; the group needs one of them, so confirm it is set in the part of
# web_infra.tf that is not shown.
resource "aws_autoscaling_group" "example" {
  launch_configuration = "${aws_launch_configuration.example.id}"
  load_balancers       = ["${aws_elb.example.name}"]

  # Use the load balancer's HTTP health check, not just the EC2 status check,
  # to decide whether an instance should be replaced.
  health_check_type = "ELB"

  min_size = 2
  max_size = 10

  # Name tag copied onto every instance the group launches.
  tag {
    key                 = "Name"
    value               = "terraform-asg-example"
    propagate_at_launch = true
  }
}
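# Security group attached to the web server instances.
#
# Changed: the original rule admitted 0.0.0.0/0 on the web server port, which
# let any host on the internet reach the instances directly and bypass the
# load balancer. Traffic on that port is now accepted only from members of the
# ELB's security group, which is all the listener and the health check need.
# NOTE(review): if something other than the ELB must reach the instances
# directly, add a narrowly scoped rule for it rather than reopening the port.
resource "aws_security_group" "instance" {
  name = "terraform-example-instance"

  ingress {
    from_port       = "${var.server_port}"
    to_port         = "${var.server_port}"
    protocol        = "tcp"
    security_groups = ["${aws_security_group.elb.id}"]
  }

  # Create the replacement group before destroying the old one, because the
  # launch configuration that references it is also create_before_destroy.
  lifecycle {
    create_before_destroy = true
  }
}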
# Classic load balancer in front of the Auto Scaling group: accepts HTTP on
# port 80 and forwards to the instances on var.server_port.
# NOTE(review): no availability_zones / subnets is visible in this excerpt;
# confirm one of them is set in the part of the file that is not shown.
resource "aws_elb" "example" {
  name            = "terraform-asg-example"
  security_groups = ["${aws_security_group.elb.id}"]

  # Both legs are plain HTTP, so client traffic is unencrypted end to end.
  # Anything beyond a demo would want an HTTPS listener with a certificate.
  listener {
    lb_port           = 80
    lb_protocol       = "http"
    instance_port     = "${var.server_port}"
    instance_protocol = "http"
  }

  # Probe "/" on the web server port every 30 s with a 3 s timeout; two
  # consecutive results flip an instance between healthy and unhealthy.
  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    interval            = 30
    target              = "HTTP:${var.server_port}/"
  }
}
# Security group attached to the load balancer.
resource "aws_security_group" "elb" {
  name = "terraform-example-elb"

  # Public entry point: HTTP on port 80 from any address. This is the only
  # rule in the file that is meant to face the internet.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All protocols and ports outbound to any address. The ELB needs outbound
  # access to reach the instances for forwarding and health checks.
  # NOTE(review): this could be narrowed to TCP on the web server port toward
  # the instance security group; left open here as in the original.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
[Error: Error creating Security Group: UnauthorizedOperation: You are not authorized to perform this operation. status code: 403, request id: c2e34351-7fa9-4f7e-845a-77458485bfe9
on web_infra.tf line 37, in resource "aws_security_group" "instance": 37: resource "aws_security_group" "instance" {
Error: Error creating Security Group: UnauthorizedOperation: You are not authorized to perform this operation. status code: 403, request id: 4229e1ae-a46d-42fc-8bab-4bb0b7ccd656
on web_infra.tf line 73, in resource "aws_security_group" "elb": 73: resource "aws_security_group" "elb" {]
My IAM permission is AdministratorAccess.
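I found the answer: Terraform has to run with temporary credentials from an MFA-authenticated session instead of the long-term access keys (presumably because MFA is enforced on the account, so the policy alone was not enough).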
1. aws sts get-session-token --profile default --serial-number arn:aws:iam::3423412:mfa/test@test.com --token-code 509939
2. Add the temporary credentials returned by step 1 to a profile in the credentials file:
# Profile holding the temporary credentials printed by `aws sts get-session-token`.
# The three aws_* credential values expire with the session and must be
# refreshed by re-running that command; keep this file out of version control.
[mfa]
# NOTE(review): aws_arn_mfa does not look like a standard credentials-file key;
# presumably it is read by a helper script. Confirm it is needed.
aws_arn_mfa =
aws_access_key_id =
aws_secret_access_key =
aws_session_token =
region =
3. Point the Terraform provider block at that profile:
# AWS provider reading its credentials from the "mfa" profile, so every API
# call is made with the MFA-backed session token, not the long-term keys.
# The region and credentials-file values below are placeholders from the
# original answer; replace them with the real region and the file's path.
# NOTE(review): newer AWS provider releases use shared_credentials_files (a
# list) in place of shared_credentials_file. Confirm against the provider
# version in use.
provider "aws" {
  region                  = " "
  shared_credentials_file = "credentials file"
  profile                 = "mfa"
}