AWS SSO & Terraform


Trying to use Terraform with AWS Single Sign-On. Is this possible? If so, how do I do it?

Currently using AWS CLI 2

You log in to the SSO portal with a user that has adequate rights on the AWS account(s) you want to work in with Terraform. You click on the account you want to work in and then select “Command line or programmatic access”. You’ll then get a number of options to choose from, but the easiest is to work with environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN). Set or export those in the terminal window where you’ll be running Terraform and you’re good to go for 60 minutes. After 60 minutes you’ll need to get a new set of credentials, but as long as you still have your SSO portal open you can easily get a new set without having to log in again.

Better would be just doing aws configure sso; that will take you through creating a new AWS profile. Use the same profile in your AWS provider.
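The two replies above can be combined, shown here as an added example that is not part of any reply in the thread: read short-lived credentials from an SSO profile and place them in the three environment variables Terraform picks up. It assumes an AWS CLI v2 release that provides `aws configure export-credentials`, a profile created with `aws configure sso`, and a prior `aws sso login`; the function names and the profile name are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Assumes the installed AWS CLI v2
# provides `aws configure export-credentials` and that
# `aws sso login --profile <name>` has already been run.

# Read KEY=VALUE lines on stdin and export only the expected AWS variables.
# The CLI output is parsed, never passed to eval, and unknown keys are ignored.
import_aws_env() {
    local line key value
    while IFS= read -r line; do
        key=${line%%=*}      # text before the first '='
        value=${line#*=}     # everything after it (tokens may contain '=')
        case "$key" in
            AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|AWS_SESSION_TOKEN|AWS_CREDENTIAL_EXPIRATION)
                export "$key=$value" ;;
        esac
    done
    # Succeed only if all three variables Terraform needs are present.
    [ -n "${AWS_ACCESS_KEY_ID:-}" ] && [ -n "${AWS_SECRET_ACCESS_KEY:-}" ] \
        && [ -n "${AWS_SESSION_TOKEN:-}" ]
}

# Load credentials for one SSO profile into the current shell.
load_sso_env() {
    local profile="$1" creds
    # Drop stale values first so an expired set is never reused silently.
    unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN AWS_CREDENTIAL_EXPIRATION
    creds=$(aws configure export-credentials --profile "$profile" --format env-no-export) || {
        echo "no valid SSO session for '$profile'; run: aws sso login --profile $profile" >&2
        return 1
    }
    # A here-document keeps the exports in this shell (a pipe would use a subshell).
    import_aws_env <<EOF
$creds
EOF
}

# Usage (hypothetical profile name), after sourcing this file:
#   load_sso_env my-sso-profile && terraform plan
```

Source the file rather than executing it, so the exported variables stay in the shell where Terraform runs.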

I searched a lot of documents related to this issue
(closest one: Support AWS CLI v2 AWS Single Sign-On · Issue #10851 · hashicorp/terraform-provider-aws · GitHub).
If I understand correctly, deploying a simple AWS resource with Terraform using AWS SSO credentials doesn’t work.
There is no way for Terraform to understand AWS SSO’s cached credentials.
If I am wrong, please let me know.