Merge pull request #4869 from hashicorp/b-aws-provider-auth-docs

provider/aws: Provide a better message if no AWS creds are found
hashicorp · Jan 29, 2016 · b7582fa · b7582fa
2 parents a2cf8b7 + 70fae67
commit b7582fa
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 2 deletions.
diff --git a/builtin/providers/aws/config.go b/builtin/providers/aws/config.go
@@ -120,7 +120,13 @@ func (c *Config) Client() (interface{}, error) {
 		// error, and we can present it nicely to the user
 		_, err = creds.Get()
 		if err != nil {
-			errs = append(errs, fmt.Errorf("Error loading credentials for AWS Provider: %s", err))
+			if awsErr, ok := err.(awserr.Error); ok && awsErr.Code() == "NoCredentialProviders" {
+				errs = append(errs, fmt.Errorf(`No valid credential sources found for AWS Provider. 
+  Please see https://terraform.io/docs/providers/aws/index.html for more information on 
+  providing credentials for the AWS Provider`))
+			} else {
+				errs = append(errs, fmt.Errorf("Error loading credentials for AWS Provider: %s", err))
+			}
 			return nil, &multierror.Error{Errors: errs}
 		}
 		awsConfig := &aws.Config{

diff --git a/website/source/docs/providers/aws/index.html.markdown b/website/source/docs/providers/aws/index.html.markdown
@@ -30,6 +30,72 @@ resource "aws_instance" "web" {
 }
 ```
 
+## Authentication 
+
+The AWS provider offers flexible means of providing credentials for
+authentication. The following methods are supported, in this order, and
+explained below:
+
+- Static credentials
+- Environment variables
+- Shared credentials file
+
+
+### Static credentials ###
+
+Static credentials can be provided by adding an `access_key` and `secret_key` in-line in the
+aws provider block:
+
+Usage: 
+
+```
+provider "aws" {
+  region     = "us-west-2"
+  access_key = "anaccesskey"
+  secret_key = "asecretkey"
+}
+```
+
+###Environment variables
+
+You can provide your credentials via `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, 
+environment variables, representing your AWS Access Key and AWS Secret Key, respectively.
+`AWS_DEFAULT_REGION` and `AWS_SECURITY_TOKEN` are also used, if applicable:
+
+```
+provider "aws" {}
+```
+
+Usage:
+
+```
+$ exoprt AWS_ACCESS_KEY_ID="anaccesskey" 
+$ export AWS_SECRET_ACCESS_KEY="asecretkey"
+$ export AWS_DEFAULT_REGION="us-west-2"
+$ terraform plan
+```
+
+###Shared Credentials file
+
+You can use an AWS credentials file to specify your credentials. The default
+location is `$HOME/.aws/credentials` on Linux and OSX, or `"%USERPROFILE%\.aws\credentials"` 
+for Windows users. If we fail to detect credentials inline, or in the
+environment, Terraform will check this location. You can optionally specify a
+different location in the configuration by providing `shared_credentials_file`,
+or in the environment with the `AWS_SHARED_CREDENTIALS_FILE` variable. This
+method also supports a `profile` configuration and matching `AWS_PROFILE`
+environment variable:
+
+Usage: 
+
+```
+provider "aws" {
+  region                   = "us-west-2"
+  shared_credentials_file  = "/Users/tf_user/.aws/creds"
+  profile                  = "customprofile"
+}
+```
+
 ## Argument Reference
 
 The following arguments are supported in the `provider` block:
@@ -73,4 +139,3 @@ The following arguments are supported in the `provider` block:
 
 * `kinesis_endpoint` - (Optional) Use this to override the default endpoint URL
   constructed from the `region`. It's typically used to connect to kinesalite.
-