I am trying to configure the provider to use IAM auth and am receiving the following error:
Error: Error making API request.
URL: PUT https://vault.nprod.dat.internal/v1/auth/aws/login
Code: 400. Errors:
- didn't supply required authentication values
I have configured the provider as such:
provider "vault" {
  address = "https://vault"
  auth_login {
    path = "auth/aws/login"
    parameters = {
      role = "iam-role"
    }
  }
}
From the CLI I can authenticate using: vault login -method=aws role=iam-role
Looking at the debug output:
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: PUT /v1/auth/aws/login HTTP/1.1
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: Host: vault.nprod.xxx.internal
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: User-Agent: Go-http-client/1.1
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: Content-Length: 19
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: X-Vault-Namespace:
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: Accept-Encoding: gzip
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4:
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: {
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: "role": "iam-role"
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: }
It doesn’t look like the provider populates the necessary values for iam_http_request_method, iam_request_url, iam_request_body.
Should it not do this when told to use the AWS IAM authentication method, much like the vault CLI does?