You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description: "A more restrictive policy when making the AssumeRole call. Its content must not contains `principal` elements. Notice: more syntax references, please refer to: [policies syntax logic](https://intl.cloud.tencent.com/document/product/598/10603).",
Description: "External role ID, which can be obtained by clicking the role name in the CAM console. It can contain 2-128 letters, digits, and symbols (=,.@:/-). Regex: [\\w+=,.@:/-]*. It can be sourced from the `TENCENTCLOUD_ASSUME_ROLE_EXTERNAL_ID`.",
returnnil, fmt.Errorf("can not set `TENCENTCLOUD_ASSUME_ROLE_SAML_ASSERTION`, `TENCENTCLOUD_ASSUME_ROLE_PRINCIPAL_ARN`, `TENCENTCLOUD_ASSUME_ROLE_WEB_IDENTITY_TOKEN` at the same time.\n")
Copy file name to clipboardExpand all lines: website/docs/index.html.markdown
+22-3Lines changed: 22 additions & 3 deletions
Original file line number
Diff line number
Diff line change
@@ -141,7 +141,7 @@ $ terraform plan
141
141
142
142
### Assume role
143
143
144
-
If provided with an assume role, Terraform will attempt to assume this role using the supplied credentials. Assume role can be provided by adding an `role_arn`, `session_name`, `session_duration`and `policy`(optional) in-line in the tencentcloud provider block:
144
+
If provided with an assume role, Terraform will attempt to assume this role using the supplied credentials. Assume role can be provided by adding an `role_arn`, `session_name`, `session_duration`, `policy`(optional) and `external_id`(optional) in-line in the tencentcloud provider block:
145
145
146
146
Usage:
147
147
@@ -160,7 +160,7 @@ provider "tencentcloud" {
160
160
}
161
161
```
162
162
163
-
The `role_arn`, `session_name`, `session_duration` can also provided via `TENCENTCLOUD_ASSUME_ROLE_ARN`, `TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME`and `TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION` environment variables.
163
+
The `role_arn`, `session_name`, `session_duration`and `external_id`can also provided via `TENCENTCLOUD_ASSUME_ROLE_ARN`, `TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME`, `TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION`and `TENCENTCLOUD_ASSUME_ROLE_EXTERNAL_ID` environment variables.
164
164
165
165
Usage:
166
166
@@ -254,7 +254,7 @@ provider "tencentcloud" {
254
254
255
255
### Cam role name
256
256
257
-
If provided with a Cam role name, Terraform will just access the metadata URL: http://metadata.tencentyun.com/latest/meta-data/cam/security-credentials/<cam_role_name> to obtain the STS credential. The CVM Instance Role also can be set using the TENCENTCLOUD_CAM_ROLE_NAME environment variables.
257
+
If provided with a Cam role name, Terraform will just access the metadata URL: `http://metadata.tencentyun.com/latest/meta-data/cam/security-credentials/<cam_role_name>` to obtain the STS credential. The CVM Instance Role also can be set using the `TENCENTCLOUD_CAM_ROLE_NAME` environment variables.
258
258
259
259
-> **Note:** Cam-role-name is used to grant the role entity the permissions to access services and resources and perform operations in Tencent Cloud. You can associate the CAM role with a CVM instance to call other Tencent Cloud APIs from the instance using the periodically updated temporary Security Token Service (STS) key.
260
260
@@ -268,6 +268,24 @@ provider "tencentcloud" {
268
268
}
269
269
```
270
270
271
+
It can also be authenticated together with method Assume role. Authentication process: Perform CAM authentication first, then proceed with Assume role authentication.
272
+
273
+
Usage:
274
+
275
+
```hcl
276
+
provider "tencentcloud" {
277
+
cam_role_name = "my-cam-role-name"
278
+
279
+
assume_role {
280
+
role_arn = "my-role-arn"
281
+
session_name = "my-session-name"
282
+
policy = "my-role-policy"
283
+
session_duration = 3600
284
+
external_id = "my-external-id"
285
+
}
286
+
}
287
+
```
288
+
271
289
### CDC cos usage
272
290
273
291
You can set the cos domain by setting the environment variable `TENCENTCLOUD_COS_DOMAIN`, and configure the cdc scenario as follows:
@@ -347,6 +365,7 @@ The nested `assume_role` block supports the following:
347
365
*`session_name` - (Required) The session name to use when making the AssumeRole call. It can also be sourced from the `TENCENTCLOUD_ASSUME_ROLE_SESSION_NAME` environment variable.
348
366
*`session_duration` - (Required) The duration of the session when making the AssumeRole call. Its value ranges from 0 to 43200(seconds), and default is 7200 seconds. It can also be sourced from the `TENCENTCLOUD_ASSUME_ROLE_SESSION_DURATION` environment variable.
349
367
*`policy` - (Optional) A more restrictive policy to apply to the temporary credentials. This gives you a way to further restrict the permissions for the resulting temporary security credentials. You cannot use the passed policy to grant permissions that are in excess of those allowed by the access policy of the role that is being assumed.
368
+
*`external_id` - (Optional) External role ID, which can be obtained by clicking the role name in the CAM console. It can contain 2-128 letters, digits, and symbols (=,.@\:/-). Regex: [\\w+=,.@\:/-]*. It can be sourced from the `TENCENTCLOUD_ASSUME_ROLE_EXTERNAL_ID`.
350
369
351
370
The nested `assume_role_with_saml` block supports the following:
352
371
*`role_arn` - (Required) The ARN of the role to assume. It can also be sourced from the `TENCENTCLOUD_ASSUME_ROLE_ARN` environment variable.
0 commit comments