Terraform allows assumption of roles with the AWS provider. However, it seems the Boundary provider doesn’t use the AWS provider, nor does it provide an option for setting the profile to assume to read the key?
The only way I can get this to work is to log in and set the AWS_PROFILE environment variable before running Terraform, which defeats CI testing implementations.
Would be great if it supported assuming profiles similar to or making use of Terraform’s AWS provider.
```hcl
kms "awskms" {
  purpose = "root"
  region  = "us-east-1"
  assume_role {
    role_arn = "arn:aws:iam::0000000000:role/iam-identity-foobar"
  }
}
```
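A CI-side workaround, as an added example that is not part of the original post: assume the role with the AWS CLI and pass the short-lived credentials to Terraform through the environment instead of relying on an interactive login and `AWS_PROFILE`. It assumes the Boundary provider's `awskms` configuration honours the standard `AWS_ACCESS_KEY_ID` / `AWS_SECRET_ACCESS_KEY` / `AWS_SESSION_TOKEN` variables; `BOUNDARY_KMS_ROLE_ARN` is a hypothetical variable name set by the CI job.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: the awskms block picks up standard AWS_* environment credentials.

# Call STS and print "AccessKeyId<TAB>SecretAccessKey<TAB>SessionToken" on one line.
assume_role() {
  aws sts assume-role \
    --role-arn "$1" \
    --role-session-name "${2:-terraform-ci}" \
    --duration-seconds 900 \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text
}

# Parse that line and export the three values; fail closed if any is missing
# so Terraform never runs with the CI runner's own (broader) identity.
export_assumed_creds() {
  _tab="$(printf '\t')"
  IFS="$_tab" read -r _key _secret _token <<EOF
$1
EOF
  if [ -z "$_key" ] || [ -z "$_secret" ] || [ -z "$_token" ]; then
    echo "assume-role output incomplete; refusing to continue" >&2
    return 1
  fi
  export AWS_ACCESS_KEY_ID="$_key"
  export AWS_SECRET_ACCESS_KEY="$_secret"
  export AWS_SESSION_TOKEN="$_token"
  # Drop any leftover profile so it cannot be chosen over the assumed role.
  unset AWS_PROFILE
  unset _key _secret _token _tab
}

# Run only when the CI job supplies the role ARN (hypothetical variable name).
if [ -n "${BOUNDARY_KMS_ROLE_ARN:-}" ]; then
  creds="$(assume_role "$BOUNDARY_KMS_ROLE_ARN")" || exit 1
  export_assumed_creds "$creds" || exit 1
  unset creds
  terraform plan
fi
```

The 900-second session limits how long leaked CI credentials stay usable; the role's trust policy should name only the CI runner's identity as a principal.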