Terraform apply time out after 1 hour with IAM assume role

Hello,

We are experiencing a timeout while updating DynamoDB where the replicas get deleted and then created back. We use a pipeline that does IAM role chaining before Terraform apply and this DynamoDB update is taking more than an hour and is failing as the credentials are expired.

So, we have made some changes to the pipeline and Terraform backend and provider configuration. The pipeline first gets the AWS credentials and sets the profile. S3 backend and provider configuration in Terraform uses this profile to assume another IAM role provided in the assume_role block. We have a mechanism to keep the AWS session active that’s outside Terraform by repeatedly refreshing the token.

We were hoping the credentials outside (repeatedly refreshed) of Terraform which the AWS provider and S3 backend will then use to use to call the sts:AssumeRole to get the credentials for the role and refresh them automatically. But, this isn’t happening. We are getting an error “Failed to refresh the cached credentials”.

Terraform version - 1.3.6
AWS Provider - 5.13.0

Could you suggest if there’s a way to fix the Terraform timeout problem and have the credentials refreshed automatically?

Thanks,