Passing credentials for S3 snapshot repository in Terraform


I am trying to setup a new ELK stack in Terraform, that also includes our configurations/settings/etc. One of the settings I would like to configure is snapshot lifecycle management, and a snapshot repository.

I plan to use an S3 bucket for the repository but am struggling to figure out how to fully configure this in terraform because it does not seem as though it is possible to provide an IAM access and secret key into the Terraform configuration.

I have been able to do this using the API with:

curl -X PUT "https://username:password@localhost:9200/_snapshot/s3_repository?pretty" -H 'Content-Type: application/json' -d'
  "type": "s3",
  "settings": {
    "bucket" : "logs",
    "access_key": "AWS_ACCESS_KEY_ID",
    "secret_key": "AWS_SECRET_ACCESS_KEY",
    "protocol": "https",
    "server_side_encryption": true

though it did take some time to come to this because the access_key and secret_key fields weren't listed in the API docs I found.

Is there something I'm missing? The Kibana and ES hosts of our ELK stack are hosted outside of AWS, so I'm not able to apply an IAM policy to the host, or any other internal AWS method.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.