{"id":91309,"date":"2025-01-05T03:09:18","date_gmt":"2025-01-04T23:39:18","guid":{"rendered":"https:\/\/nabfollower.com\/blog\/%d8%b1%d8%a7%d9%87-%d8%a7%d9%86%d8%af%d8%a7%d8%b2%db%8c-iam-anywhere-%d8%a8%d8%a7-%d8%a7%d8%b3%d8%aa%d9%81%d8%a7%d8%af%d9%87-%d8%a7%d8%b2-terraform\/"},"modified":"2025-01-05T03:09:18","modified_gmt":"2025-01-04T23:39:18","slug":"%d8%b1%d8%a7%d9%87-%d8%a7%d9%86%d8%af%d8%a7%d8%b2%db%8c-iam-anywhere-%d8%a8%d8%a7-%d8%a7%d8%b3%d8%aa%d9%81%d8%a7%d8%af%d9%87-%d8%a7%d8%b2-terraform","status":"publish","type":"post","link":"https:\/\/nabfollower.com\/blog\/%d8%b1%d8%a7%d9%87-%d8%a7%d9%86%d8%af%d8%a7%d8%b2%db%8c-iam-anywhere-%d8%a8%d8%a7-%d8%a7%d8%b3%d8%aa%d9%81%d8%a7%d8%af%d9%87-%d8%a7%d8%b2-terraform\/","title":{"rendered":"Setting up IAM Anywhere using Terraform"},"content":{"rendered":"<div data-article-id=\"2189410\" id=\"article-body\">\n<p>This post walks you through configuring IamAnywhere in AWS using Terraform and custom certificates.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"%D8%A7%D9%84%D8%B2%D8%A7%D9%85%D8%A7%D8%AA\"><\/span>\n<p>  Requirements<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ol>\n<li>An AWS account.<\/li>\n<li>Terraform.<\/li>\n<\/ol>\n<h2><span class=\"ez-toc-section\" id=\"%D8%AF%D8%A7%D9%85%D9%86%D9%87\"><\/span>\n<p>  Scope<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>We are going to configure IamAnywhere to allow access to the <code>krakenmoto<\/code> bucket in 
S3.<\/p>\n<p><code>Initial steps<\/code><\/p>\n<ol>\n<li>Configure the <code>Certificate Authority<\/code>. To use AWS IAM Anywhere we need an X.509 certificate issued by a CA (Certificate Authority). You can use the script below to create the <code>Bundle-Certificate<\/code>, including <code>PrivateCA.pem<\/code> and <code>client.key<\/code>, which will be used to configure access once the infrastructure is ready.<\/li>\n<\/ol>\n
<p><code>certificate.sh<\/code><\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>#!\/bin\/bash\n\nSERVER=\"${SERVER:-client}\"\n\nOUTPUT_PATH=${OUTPUT_PATH:-certificates}\nmkdir -p $OUTPUT_PATH\n\nCORPORATION=GERSONPLACE\nGROUP=\"Engineering\"\nCITY=\"Cartago\"\nSTATE=\"Paraiso\"\nCOUNTRY=CR\n\n# Random passphrase, saved to the file cert_auth_password\nCERT_AUTH_PASS=`openssl rand -base64 32`\necho $CERT_AUTH_PASS &gt; cert_auth_password\nCERT_AUTH_PASS=`cat cert_auth_password`\n\n# OpenSSL request configuration; the v3_ca section is applied to the CA certificate\ncat -&lt;&lt;EOF &gt; config.cnf\n[ req ]\ndistinguished_name  = req_distinguished_name\nattributes      = req_attributes\n\n[ req_distinguished_name ]\ncountryName         = Country Name (2 letter code)\ncountryName_min         = 2\ncountryName_max         = 2\nstateOrProvinceName     = State or Province Name (full name)\nlocalityName            = Locality Name (eg, city)\n0.organizationName      = Organization Name (eg, company)\norganizationalUnitName      = Organizational Unit Name (eg, section)\ncommonName          = Common Name (eg, fully qualified host name)\ncommonName_max          = 64\nemailAddress            = Email Address\nemailAddress_max        = 64\n\n[ req_attributes ]\nchallengePassword       = A challenge password\nchallengePassword_min       = 4\nchallengePassword_max       = 20\n\n[ v3_ca ]\nbasicConstraints        = critical, CA:TRUE\nsubjectKeyIdentifier    = hash\nauthorityKeyIdentifier  = keyid:always, issuer:always\nkeyUsage                = critical, cRLSign, digitalSignature, keyCertSign\n\n[SAN]\nsubjectAltName=DNS:$SERVER\nEOF\n\n# Note: genrsa writes PrivateCA.key unencrypted, so -passout\/-passin below have no effect;\n# restrict access to the key file with file permissions.\necho \"Create the certificate authority\"\nopenssl genrsa -out $OUTPUT_PATH\/PrivateCA.key 4096\nopenssl \\\n  req \\\n  -subj \"\/CN=$SERVER.ca\/OU=$GROUP\/O=$CORPORATION\/L=$CITY\/ST=$STATE\/C=$COUNTRY\" \\\n  -new \\\n  -x509 \\\n  -passout pass:$CERT_AUTH_PASS \\\n  -key $OUTPUT_PATH\/PrivateCA.key \\\n  -out $OUTPUT_PATH\/PrivateCA.pem \\\n  -config config.cnf \\\n  -extensions v3_ca \\\n  -days 36500\n\necho \"Create client private key (used to decrypt the cert we get from the CA)\"\nopenssl genrsa -out $OUTPUT_PATH\/$SERVER.key 4096\n\n# Extensions for the client (end-entity) certificate\ncat -&lt;&lt;EOF &gt; client.ext\nbasicConstraints = CA:FALSE\nauthorityKeyIdentifier = keyid,issuer\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment\nEOF\n\necho \"Create the CSR (Certificate Signing Request)\"\n\nopenssl req -new -key $OUTPUT_PATH\/$SERVER.key -out $SERVER.csr -nodes \\\n  -subj \"\/CN=$SERVER\/OU=$GROUP\/O=$CORPORATION\/L=$CITY\/ST=$STATE\/C=$COUNTRY\" \\\n  -sha256\n\necho \"Sign the certificate with the certificate authority\"\nopenssl x509 -req -in $SERVER.csr -CA $OUTPUT_PATH\/PrivateCA.pem -CAkey $OUTPUT_PATH\/PrivateCA.key -CAcreateserial -out $OUTPUT_PATH\/$SERVER.pem \\\n  -days 36500 \\\n  -extfile client.ext \\\n  -passin pass:$CERT_AUTH_PASS\n<\/code><\/pre>\n<\/div>\n<p>Run the script <code>.\/certificate.sh<\/code> and it will create the required certificates inside the <code>\/certificates<\/code> folder.<\/p>\n<p><img decoding=\"async\" 
src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fufsb4ynuyj7xdxsp28x4.png\" alt=\"Image description\" loading=\"lazy\" width=\"181\" height=\"164\" title=\"\"><\/p>\n<p>Once your <code>custom<\/code> certificates are ready, it is time to set up the Terraform code.<\/p>\n<p>\ud83d\udcbb Install Terraform<\/p>\n
<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>## OSX ##\nbrew install hashicorp\/tap\/terraform\n\n## Windows ##\nchoco install terraform\n\n## Linux ##\nsudo apt-get install terraform\n<\/code><\/pre>\n<\/div>\n<p>\ud83d\uded1<code>Important<\/code>: If you are using a Mac M1\/M2, you will probably hit this error when running the module:<\/p>\n
<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>\u26a0Error: Incompatible provider version\nProvider registry.terraform.io\/hashicorp\/template v2.2.0 does not have a package available for your current platform, darwin_arm64.\nProvider releases are separate from Terraform CLI releases, so not all providers are available for all platforms. Other versions\nof this provider may have different platforms supported.\n<\/code><\/pre>\n<\/div>\n<p>Don't worry, let's fix it by running these 3 commands:<br \/><code>brew install kreuzwerker\/taps\/m1-terraform-provider-helper<\/code><br \/>#(in case you have not activated the helper)<br \/><code>m1-terraform-provider-helper activate<\/code><br \/>#Install and compile<br \/><code>m1-terraform-provider-helper install hashicorp\/template -v 2.10.0<\/code> <\/p>\n<h2><span class=\"ez-toc-section\" id=\"%DA%A9%D8%AF_%D9%85%D8%A7%DA%98%D9%88%D9%84_Terraform\"><\/span>\n<p>  Terraform module code<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The code creates the following resources in AWS <code>IAM<\/code>:<\/p>\n<p><code>Trust Anchor:<\/code>  In the Trust Anchor, we establish trust between AWS IAM Roles Anywhere and the CA. 
An application running outside AWS authenticates against a trust anchor with an X.509 client certificate to obtain temporary AWS credentials.<\/p>\n<p><code>IAM Role:<\/code>  Trust Anchors assume the AWS IAM role to grant the permissions allowed by the IAM policy. To use a role, we must trust the IAM Roles Anywhere service principal in the role.<\/p>\n<p><code>Profile:<\/code>  In the profile, we define an IAM role to be assumed by the client. 
We can set additional permission boundaries on active sessions with AWS managed policies and condition blocks.<\/p>\n<p>In this case we are going to use a <code>custom module<\/code> that creates all these resources at once, so start by creating a <code>modules\/custom<\/code> folder containing the resources Terraform will create in AWS: <code>anchor.tf<\/code>, <code>iam.tf<\/code>, <code>outputs.tf<\/code>, <code>tls-crt.tf<\/code> and <code>variables.tf<\/code>.<\/p>\n
<p><code>anchor.tf<\/code><\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code># Trust anchors\nresource \"aws_rolesanywhere_trust_anchor\" \"trust_anchor\" {\n  name    = \"${local.project_name}-trust_anchor\"\n  enabled = true\n  source {\n    source_data {\n      x509_certificate_data = file(\"${path.module}\/certificates\/PrivateCA.pem\")\n    }\n    source_type = \"CERTIFICATE_BUNDLE\"\n  }\n}\n\n# Profile\nresource \"aws_rolesanywhere_profile\" \"profile\" {\n  enabled             = true\n  name                = \"${local.project_name}-profile\"\n  role_arns           = [aws_iam_role.roles.arn]\n  managed_policy_arns = [aws_iam_policy.profile_managed_policies.arn]\n}\n\n\n# Profile policies\n# Managed policies limit the permissions granted by the role's permissions policy and are assigned to the role session when the role is assumed.\nresource \"aws_iam_policy\" \"profile_managed_policies\" {\n  name        = \"${local.project_name}-user-profile-policies\"\n  path        = \"\/\"\n  description = \"Allows access to S3\"\n\n  policy = jsonencode({\n    Version = \"2012-10-17\"\n    Statement = [{\n      Action = [\n        \"s3:*\",\n      ]\n      Resource = [\n        \"arn:aws:s3:::${var.bucket_name}\",\n        \"arn:aws:s3:::${var.bucket_name}\/*\"\n      ]\n      Effect = \"Allow\"\n    }]\n  })\n}\n<\/code><\/pre>\n<\/div>\n<p><code>iam.tf<\/code><\/p>\n<div class=\"highlight 
js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>locals {\n  project_name = var.project_name\n\n}\n\n# Trust policy: only the Roles Anywhere service, acting through this trust anchor, may assume the role\nresource \"aws_iam_role\" \"roles\" {\n  name = \"${local.project_name}-iamanywhere-trust-role\"\n  path = \"\/\"\n\n  assume_role_policy = jsonencode({\n    Version = \"2012-10-17\"\n    Statement = [\n      {\n        Effect = \"Allow\",\n        Principal = {\n          Service = \"rolesanywhere.amazonaws.com\",\n        },\n        Action = [\n          \"sts:AssumeRole\",\n          \"sts:TagSession\",\n          \"sts:SetSourceIdentity\"\n        ],\n        Condition = {\n          ArnEquals = {\n            \"aws:SourceArn\" = \"arn:aws:rolesanywhere:${var.region}:${var.aws_account}:trust-anchor\/${aws_rolesanywhere_trust_anchor.trust_anchor.id}\"\n\n          }\n        }\n      }\n    ]\n  })\n}\n\n# Permission policies in the role of iamanywhere-trust-role\nresource \"aws_iam_policy\" \"s3_full_access\" {\n  name        = \"${local.project_name}-iamanywhere-trust-role-policies\"\n  path        = \"\/\"\n  description = \"Allows access to S3\"\n\n  policy = jsonencode({\n    Version = \"2012-10-17\"\n    Statement = [{\n      Action = [\n        \"s3:*\",\n      ]\n      Resource = [\n        \"arn:aws:s3:::${var.bucket_name}\",\n        \"arn:aws:s3:::${var.bucket_name}\/*\"\n      ]\n      Effect = \"Allow\"\n    }]\n  })\n}\n\nresource \"aws_iam_role_policy_attachment\" \"roles_s3_access\" {\n  role       = aws_iam_role.roles.name\n  policy_arn = aws_iam_policy.s3_full_access.arn\n}\n<\/code><\/pre>\n<\/div>\n
<p><code>outputs.tf<\/code><\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>output \"anchor\" {\n  value = aws_rolesanywhere_trust_anchor.trust_anchor.arn\n}\n\noutput \"profile\" {\n  value = aws_rolesanywhere_profile.profile.arn\n}\n\noutput \"awsiam\" {\n  value = aws_iam_role.roles.arn\n}\n\n# Renders an AWS CLI profile that obtains credentials through aws_signing_helper\ndata \"template_file\" \"aws_export_profile\" {\n  template = &lt;&lt;-EOT\n[profile iam_anywhere]\nregion=us-east-2\ncredential_process = aws_signing_helper credential-process --trust-anchor-arn ${aws_rolesanywhere_trust_anchor.trust_anchor.arn} --profile-arn ${aws_rolesanywhere_profile.profile.arn} --role-arn ${aws_iam_role.roles.arn} --certificate \/path\/client.pem --private-key \/path\/client.key\nEOT\n  vars = {\n    trust_anchor_arn = aws_rolesanywhere_trust_anchor.trust_anchor.arn\n    profile_arn      = aws_rolesanywhere_profile.profile.arn\n    role_arn         = aws_iam_role.roles.arn\n  }\n}\n\n# Writes the rendered profile next to the Terraform code\nresource \"local_file\" \"aws_export_profile\" {\n  content  = data.template_file.aws_export_profile.rendered\n  filename = \".\/aws-config.txt\"\n}\n<\/code><\/pre>\n<\/div>\n
<p><code>tls-crt.tf<\/code><\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>resource \"tls_private_key\" \"roles\" {\n  algorithm = \"RSA\"\n}\n<\/code><\/pre>\n<\/div>\n<p><code>variables.tf<\/code><\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>variable \"aws_account\" {\n  description = \"AWS account ID\"\n  type        = string\n}\n\nvariable \"region\" {\n  description = \"AWS Region\"\n  type        = string\n}\n\nvariable \"bucket_name\" {\n  type = string\n}\n\nvariable \"project_name\" {\n  type = string\n}\n<\/code><\/pre>\n<\/div>\n
<p>These 5 files complete the Terraform resources you need to create the AWS infrastructure required to access S3 through IAM Anywhere. You can modify <code>iam.tf<\/code> to set additional access if needed through IAM policies, but in this case access will be only to the <code>krakenmoto<\/code> bucket, which is set in the <code>main.tf<\/code> file that calls the module next.<\/p>\n<p>Below is how the Terraform file structure should look. The <code>\/certificates<\/code> folder created by running <code>.\/certificates<\/code> is part of it, as the <code>anchor<\/code> resource makes use of it.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/media2.dev.to\/dynamic\/image\/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fcd76erfgu3qqx24d5e7t.png\" 
alt=\"Image description\" loading=\"lazy\" width=\"205\" height=\"217\" title=\"\"><\/p>\n<h2><span class=\"ez-toc-section\" id=\"%DA%A9%D8%AF_Terraform_%DA%A9%D9%87_%D9%85%D8%AA%D8%BA%DB%8C%D8%B1%D9%87%D8%A7%DB%8C%DB%8C_%D8%B1%D8%A7_%D8%A8%D8%B1%D8%A7%DB%8C_%D9%81%D8%B1%D8%A7%D8%AE%D9%88%D8%A7%D9%86%DB%8C_%D9%85%D8%A7%DA%98%D9%88%D9%84_%D8%AA%D9%86%D8%B8%DB%8C%D9%85_%D9%85%DB%8C_%DA%A9%D9%86%D8%AF\"><\/span>\n<p>  Terraform code that sets the variables for calling the module<br \/>\n<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><code>main.tf<\/code><\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>module \"Iamanywhere\" {\n  source       = \".\/modules\/custom\"\n  aws_account  = \"112223334445\"\n  region       = \"us-east-1\"\n  bucket_name  = \"krakenmoto\"\n  project_name = \"gersonplace\"\n}\n<\/code><\/pre>\n<\/div>\n<p>We are now ready to run Terraform, so change to the folder where <code>main.tf<\/code> is located and run:<\/p>\n<p><code>terraform init -reconfigure -upgrade<\/code><br \/><code>terraform validate<\/code><br \/><code>terraform plan<\/code><br \/><code>terraform apply<\/code><\/p>\n<p>This code creates the following <code>outputs<\/code>:<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>- `IAM Role`          = ${project_name}-iamanywhere-trust-role\n\n- `Trust Anchor`      = ${project_name}-trust_anchor\n\n- `Trust Role Policy` = ${project_name}-iamanywhere-trust-role-policies\n\n- `Profile`           = ${project_name}-profile\n\n- `IAM Policy`        = ${project_name}-user-profile-policies\n<\/code><\/pre>\n<\/div>\n<p>Once you have applied the changes to AWS, a new file named <code>aws-config.txt<\/code> is created in your folder.
You can use the data in it to create a profile that connects to your AWS account and pushes to and pulls from the <code>krakenmoto<\/code> S3 bucket.<\/p>\n<div class=\"highlight js-code-highlight\">\n<pre class=\"highlight plaintext\"><code>[profile iam_anywhere]\nregion=us-east-2\ncredential_process = aws_signing_helper credential-process --trust-anchor-arn arn:aws:rolesanywhere:us-east-2:112223334445:trust-anchor\/957dd152-a4e2-4ac8-ab79-ff70ae66cf07 --profile-arn arn:aws:rolesanywhere:us-east-2:286514997612:profile\/c25f019c-0234-4905-99cc-6dbeacc65b69 --role-arn 
arn:aws:iam::112223334445:role\/gersonplace-iamanywhere-trust-role --certificate \/path\/client.pem --private-key \/path\/client.key\n<\/code><\/pre>\n<\/div>\n<p>\ud83d\uded1Important: you must use <code>client.pem<\/code> and <code>client.key<\/code> to be able to authenticate with the <code>anchor<\/code>.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>This post guides you through the steps of configuring IamAnywhere in AWS using Terraform and custom certificates.
Requirements: AWS account. Terraform. Scope: We are going to configure IamAnywhere to allow access to the krakenmoto bucket in S3. Initial steps: Configure a Certificate Authority. To use AWS IAM Anywhere &hellip;<\/p>\n","protected":false},"author":2,"featured_media":91310,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/media2.dev.to\/dynamic\/image\/width=1000,height=500,fit=cover,gravity=auto,format=auto\/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ffemideqsuthpw3a9o53c.png","fifu_image_alt":"","footnotes":""},"categories":[339],"tags":[],"class_list":["post-91309","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dev"],"_links":{"self":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts\/91309","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/comments?post=91309"}],"version-history":[{"count":0,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/posts\/91309\/r
evisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/media\/91310"}],"wp:attachment":[{"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/media?parent=91309"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/categories?post=91309"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nabfollower.com\/blog\/wp-json\/wp\/v2\/tags?post=91309"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}