Creating two types of IAM users in AWS using the CLI

To create a user in AWS IAM using the CLI (after you have configured it), use the following:

Create a user with programmatic access (access key ID and secret access key):

And for a user with console access:

Decode access secret key from Terraform IAM user creation

Problem

You want to use the pgp encryption when using Terraform to create an AWS IAM user, and you have the secret access token returned as an output but encoded.

Solution

Use the following to get the actual secret key decoded (after copying your encoded key to a file encrypted_key.txt: