Per the doc https://registry.terraform.io/providers/hashicorp/aws/3.24.0/docs/resources/iam_user_login_profile, it requires a base-64 encoded PGP public key. I use gpg command created the key.
gpg --gen-key
pub rsa3072 2023-07-14 [SC] [expires: 2025-07-13]
6AE78F61DB1####################3C81356FBB
I got errors when I ran terraform apply.
"Error: creating IAM User Login Profile for "frontend": encrypting Password: parsing given PGP key: openpgp: invalid data: tag byte does not have MSB set".
I did research. It says the gpg command auto creates the MSB set. No clue what the root cause is. As follows is the terraform code.
module "iam_user" {
source = "terraform-aws-modules/iam/aws//modules/iam-user"
name = "frontend"
create_user = true
create_iam_user_login_profile = true
create_iam_access_key = true
force_destroy = false
password_length = 20
password_reset_required = true
#base-64 encoded PGP public key
pgp_key = "6AE78F61DB1####################3C81356FBB"
}
This might be happening because you're exporting the key in ASCII format, then base64-encoding it. You should be exporting the key in binary format, then base64-encoding it, i.e. rather than:
do this:
It will work.