AWS SSO & Terraform


Trying to use Terraform with AWS Single Sign-On. Is this possible? If so, how do I do it?

Currently using AWS CLI 2

You log in to the SSO portal with a user that has adequate rights on the AWS account(s) you want to work in with Terraform. You click on the account you want to work in and then select “Command line or programmatic access”. You’ll then get a number of options to choose from, but the easiest is to work with environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN). Set or export those in the terminal window where you’ll be running Terraform and you’re good to go for 60 minutes. After 60 minutes you’ll need to get a new set of credentials, but as long as you still have your SSO portal open you can easily get a new set without having to log in again.

Better would be to just run aws configure sso, which will take you through creating a new AWS profile. Then use the same profile in your AWS provider.

I searched a lot of documents related to this issue
(closest one: Support AWS CLI v2 AWS Single Sign-On · Issue #10851 · hashicorp/terraform-provider-aws · GitHub).
If I understand correctly, deploying a simple AWS resource with Terraform using AWS SSO credentials doesn’t work.
There is no way for Terraform to understand AWS SSO’s cached credentials.
If I am wrong, please let me know.

I thought the same thing and still sort of do, because I can’t get it to work, but according to Brian Flad on the git doc you can use AWS SSO with the latest provider.

He indicates it works here:

“Support for AWS Single-Sign On (SSO) cached credentials has been merged and will release with version 3.26.0 of the Terraform AWS Provider later today. When the release is available, an automated release comment will be sent to this issue.”

Waiting to hear back.
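
The profile-based setup suggested in the thread, combined with the 3.26.0 provider version from the quoted comment, as an added example that is not part of the original posts. The profile name, start URL, account ID, role name and regions are placeholders, and the `required_providers` source syntax assumes Terraform 0.13 or later.

```hcl
# Constructed example. Assumes `aws configure sso` has already written a
# profile like this to ~/.aws/config (all values are placeholders):
#
#   [profile my-sso-profile]
#   sso_start_url  = https://example.awsapps.com/start
#   sso_region     = us-east-1
#   sso_account_id = 111111111111
#   sso_role_name  = ExampleRole
#   region         = us-east-1
#
# and that `aws sso login --profile my-sso-profile` has been run, so the
# cached SSO credentials exist and have not expired.

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # The comment quoted in the thread says SSO cached-credential support
      # ships in 3.26.0, so older provider versions are excluded here.
      version = ">= 3.26.0"
    }
  }
}

provider "aws" {
  region  = "us-east-1"
  profile = "my-sso-profile" # the profile created by `aws configure sso`
}

# Read-only lookup: confirms which identity Terraform resolved, so a stale
# set of AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_SESSION_TOKEN
# environment variables being used instead of the SSO role is easy to spot.
data "aws_caller_identity" "current" {}

output "caller_arn" {
  value = data.aws_caller_identity.current.arn
}
```

After `terraform init -upgrade` and `terraform plan`, the `caller_arn` output should show the assumed SSO role rather than a long-lived IAM user.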