aws_data_credential

~> The resource's API may change in subsequent versions to simplify the user experience.

Creates an AWS data credential.

The CelerData cluster generates a profile for each SQL Query. These profiles are stored in your AWS S3 bucket. To enable CelerData Cloud to read/write to your S3, you need to create a data credential or select an existing data credential.

This resource depends on the following resources and the celerdatabyoc_aws_data_credential_assume_policy data source:

• celerdatabyoc_aws_data_credential_policy
• aws_iam_role
• aws_iam_instance_profile

You must have configured these resources before you can implement this resource.

Example Usage

resource "celerdatabyoc_aws_data_credential_policy" "data_credential" {
   bucket = local.s3_bucket
}

data "celerdatabyoc_aws_data_credential_assume_policy" "assume_role" {}

resource "aws_iam_role" "celerdata_data_cred_role" {
  name               = "<celerdata_data_credential_role_name>"
  assume_role_policy = data.celerdatabyoc_aws_data_credential_assume_policy.assume_role.json
  description        = "<celerdata_data_credential_role_description>"
  inline_policy {
    name   = "<celerdata_data_credential_role_policy_name>"
    policy = celerdatabyoc_aws_data_credential_policy.role_policy.json
  }
}

resource "aws_iam_instance_profile" "celerdata_data_cred_profile" {
  name = "<celerdata_data_credential_profile_name>"
  role = aws_iam_role.celerdata_data_cred_role.name
}

resource "celerdatabyoc_aws_data_credential" "data_credential" {
  name = "<celerdata_data_credential_name>"
  role_arn = aws_iam_role.celerdata_data_cred_role.arn 
  instance_profile_arn = aws_iam_instance_profile.celerdata_data_cred_profile.arn
  bucket_name = local.s3_bucket
  policy_version = celerdatabyoc_aws_data_credential_policy.role_policy.version
}

Argument Reference

~> This section explains only the arguments of the celerdatabyoc_aws_data_credential resource. For the explanation of arguments of other resources, see the corresponding resource topics.

This resource contains the following required arguments and optional arguments:

Required:

• role_arn: (Forces new resource) The ARN of the IAM role referenced in the data credential. Set the value to aws_iam_role.celerdata_data_cred_role.arn.

• instance_profile_arn: (Forces new resource) The instance profile ARN of the IAM role referenced in the data credential. Set the value to aws_iam_instance_profile.celerdata_data_cred_profile.arn.

• bucket_name: (Forces new resource) The name of the AWS S3 bucket for which to generate the policy document and that stores query profiles. Set the value to local.s3_bucket, as we recommend that you set the bucket element as a local value s3_bucket in your Terraform configuration. See Local Values.

• policy_version: The version of the policy. Set the value to celerdatabyoc_aws_data_credential_policy.role_policy.version.

Optional:

• name: (Forces new resource) The name of the data credential. Enter a unique name. If omitted, Terraform will assign a random, unique name.

Attribute Reference

This resource exports the following attribute:

• id: The ID of the data credential.

See Also

• Create an AWS data credential
• celerdatabyoc_aws_data_credential_policy
• aws_iam_role
• aws_iam_instance_profile