Using AWS Assume Role for Terraform Cloud

I am looking at alternatives to using the access_key and secret_key for 150+ of our Terraform Cloud Workspaces.

Initially I thought the assume role may be the way to go, however from what I have read it still requires a keys to then perform the STS.

Is there another alternative so that I don’t have to rotate keys for 150 workspaces (that doesn’t involve Vault).