How to create an IAM account and configure Terraform to use AWS static credentials?

Guillermo Musumeci
3 min read · Nov 7, 2019

The first step to launch a Terraform script in Amazon Web Services (AWS) is to configure the Terraform provider.

There are several options to configure the provider for AWS:

  • Static credentials
  • Environment variables
  • Shared credentials file
  • EC2 Role

In this article, I’m going to show how to configure the Terraform provider using static credentials.

The Terraform provider looks like this:

provider "aws" {
  region     = "eu-west-1"
  access_key = "my-aws-access-key"
  secret_key = "my-aws-secret-key"
}
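Because the provider block above carries the keys as string literals, any commit of that file also commits the credentials. The following check flags literal `access_key` and `secret_key` values inside `provider "aws"` blocks and accepts values that come from variables. It is an added example, not code from the original article; the sample inputs are constructed and the variable names `aws_access_key` and `aws_secret_key` are hypothetical.

```python
import re

# Constructed sample 1: the article's provider block, keys written as literals.
HARDCODED_TF = '''provider "aws" {
  region     = "eu-west-1"
  access_key = "my-aws-access-key"
  secret_key = "my-aws-secret-key"
}
'''

# Constructed sample 2: keys supplied through input variables (hypothetical names).
VARIABLE_TF = '''variable "aws_access_key" {}
variable "aws_secret_key" {}

provider "aws" {
  region     = "eu-west-1"
  access_key = var.aws_access_key
  secret_key = "${var.aws_secret_key}"
}
'''

PROVIDER_START = re.compile(r'^provider\s+"aws"\s*\{')
ASSIGN = re.compile(r'^(?P<key>access_key|secret_key)\s*=\s*(?P<value>.+)$')

def is_literal(value):
    """True for a non-empty quoted string with no ${...} interpolation."""
    return len(value) > 2 and value[0] == value[-1] == '"' and "${" not in value

def find_hardcoded_credentials(tf_source):
    """Return [(line_number, attribute)] for literal keys in aws provider blocks."""
    findings, depth = [], 0  # depth > 0 means we are inside a provider "aws" block
    for lineno, raw in enumerate(tf_source.splitlines(), start=1):
        line = raw.strip()
        if line.startswith(("#", "//")):
            continue  # whole-line comments only; "/" can occur inside a secret key
        if depth == 0:
            if PROVIDER_START.match(line):
                depth = max(line.count("{") - line.count("}"), 0)
            continue
        match = ASSIGN.match(line)
        if match and depth == 1 and is_literal(match.group("value")):
            findings.append((lineno, match.group("key")))
        depth = max(depth + line.count("{") - line.count("}"), 0)
    return findings

if __name__ == "__main__":
    for name, src in (("hardcoded", HARDCODED_TF), ("variables", VARIABLE_TF)):
        print(name, find_hardcoded_credentials(src))
```

Run against a working tree before committing, a non-empty result means a `.tf` file still contains a literal key.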

The process to configure the Terraform provider is divided into 4 steps:

  1. Generate an IAM user to use with Terraform

Open the AWS Console and type IAM in the search box.

Search for IAM

Then, at the IAM dashboard (left side of the screen), select the Users section and then click on the Add User button.

Here, enter a user name, enable the Programmatic Access checkbox, and click the Next: Permissions button.

Create a user for Terraform

Then, select the Attach existing policies directly button and choose a policy. In this case, because this is a development environment, I will select AdministratorAccess.

Important: please don’t select AdministratorAccess for production environments; instead, create a custom policy with very limited access to just the required AWS services. Click the Next: Tags button.

Attach the policy to the IAM account

Add tags to the account (if you want) or skip the Tags page, then click on the Next: Review button.
