Using Credential created by AWS SSO for Terraform

I have an AWS Organization using AWS SSO with Okta that I access via the AWS CLI v2. I can’t recall yet if I’ve since tested running a Terraform deployment against it. Most of my deployments are currently running under Terraform Cloud in another AWS account without SSO which I don’t believe functions well with SSO from what I can tell.

What problem are you experiencing? Perhaps I can attempt to reproduce it or assist. As for the shared credentials file and profile, the SSO setup for CLI v2 is set up just like any other profile, except that it references the SSO URL and requires logging in first. The ~/.aws/sso and ~/.aws/cli directories are merely storing the cached data, and the ~/.aws/config still maintains the profile. The ~/.aws/credentials file is then not really used, as it defers back to the ~/.aws/sso and ~/.aws/cli cached data for the necessary credentials. The ~/.aws/sso directory contains the cached AccessToken used to authenticate with SSO, while ~/.aws/cli contains the cached AccessKeyId, SecretAccessKey and SessionToken credentials that would normally be stored in ~/.aws/credentials.

So as long as you’re authenticated prior to attempting to run Terraform, and your provider declaration references the profile associated with your SSO-authenticated account, it should be able to execute. If you’re not logged in beforehand, I would expect you to get an unauthenticated or a token-expired error.

As the shared credentials file ~/.aws/credentials doesn’t really contain the credentials and is optional, I would think that it could be left out, simply referencing the profile that it would find in the ~/.aws/config file. The SDK should then know to look into the ~/.aws/cli cached data for the right credentials for you. Again, I don’t believe I’ve tried this since enabling SSO, but when I have a chance I’ll give it a run to confirm.
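Added example, not part of the post above and not code from HashiCorp or AWS: a small Python preflight that reads the SSO profile out of a `~/.aws/config`-style text, looks the matching entry up in the `~/.aws/sso/cache` token cache, and reports whether Terraform can run under that profile or whether `aws sso login` is needed first (the "token expired" case the post mentions). The config text and the two cache entries are constructed sample data; the cache field names (`startUrl`, `accessToken`, `expiresAt`) and the `profile NAME` section layout are assumed to match what AWS CLI v2 writes, and the `load_cache_dir` helper assumes one JSON file per cached token. The Terraform provider block in the docstring only references the profile name, which is the point of the post: nothing in `~/.aws/credentials` is required.

```python
"""
Preflight check for running Terraform against an AWS SSO profile.

The Terraform provider only needs the profile name; the profile itself lives in
~/.aws/config and the SSO token in ~/.aws/sso/cache, so ~/.aws/credentials is
not involved (assumed provider block, for illustration):

    provider "aws" {
      region  = "us-east-1"
      profile = "sso-dev"   # name of the [profile ...] section in ~/.aws/config
    }
"""
import configparser
import json
from datetime import datetime, timezone
from pathlib import Path

# Constructed ~/.aws/config content; the URL and account id are placeholders.
SAMPLE_CONFIG = """
[profile sso-dev]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
sso_account_id = 123456789012
sso_role_name = PowerUserAccess
region = us-east-1
output = json
"""

# Constructed contents of two ~/.aws/sso/cache/*.json files (assumed field
# names as written by CLI v2; the token strings are fake).
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_CACHE = {
    "https://example.awsapps.com/start": {
        "startUrl": "https://example.awsapps.com/start",
        "region": "us-east-1",
        "accessToken": "FAKE-TOKEN-STILL-VALID",
        "expiresAt": "2024-05-01T20:00:00Z",
    },
    "https://stale.awsapps.com/start": {
        "startUrl": "https://stale.awsapps.com/start",
        "region": "us-east-1",
        "accessToken": "FAKE-TOKEN-EXPIRED",
        "expiresAt": "2024-04-30T09:00:00UTC",  # older CLI v2 builds used this suffix
    },
}

SSO_KEYS = ("sso_start_url", "sso_region", "sso_account_id", "sso_role_name")


def load_sso_profile(config_text, profile):
    """Return the SSO fields of a [profile NAME] section, or None if the
    profile is absent or is not an SSO profile."""
    parser = configparser.ConfigParser()
    parser.read_string(config_text)
    section = f"profile {profile}"
    if not parser.has_section(section):
        return None
    fields = {k: parser.get(section, k) for k in SSO_KEYS if parser.has_option(section, k)}
    return fields if len(fields) == len(SSO_KEYS) else None


def load_cache_dir(path):
    """Read every *.json in a ~/.aws/sso/cache directory into a dict keyed by startUrl."""
    entries = {}
    for p in Path(path).glob("*.json"):
        data = json.loads(p.read_text())
        if "startUrl" in data:
            entries[data["startUrl"]] = data
    return entries


def parse_expiry(value):
    """Accept both the '...Z' and the older '...UTC' suffix; return an aware datetime."""
    for suffix in ("Z", "UTC"):
        if value.endswith(suffix):
            naive = datetime.strptime(value[: -len(suffix)], "%Y-%m-%dT%H:%M:%S")
            return naive.replace(tzinfo=timezone.utc)
    raise ValueError(f"unrecognised expiresAt format: {value}")


def token_status(entry, now):
    """'missing' if no cached token, 'expired' if past expiresAt, else 'valid'."""
    if not entry or "accessToken" not in entry:
        return "missing"
    return "expired" if parse_expiry(entry["expiresAt"]) <= now else "valid"


def preflight(config_text, profile, cache, now):
    """Decide whether Terraform can run under PROFILE without a fresh 'aws sso login'."""
    fields = load_sso_profile(config_text, profile)
    if fields is None:
        return {"ok": False, "reason": f"profile '{profile}' not found or not an SSO profile"}
    status = token_status(cache.get(fields["sso_start_url"]), now)
    if status != "valid":
        return {"ok": False, "reason": f"SSO token {status}; run: aws sso login --profile {profile}"}
    return {"ok": True, "reason": f"token valid for {fields['sso_account_id']}/{fields['sso_role_name']}"}


if __name__ == "__main__":
    # Against a real machine you would pass Path.home() / ".aws" / "config" text,
    # load_cache_dir(Path.home() / ".aws" / "sso" / "cache") and datetime.now(timezone.utc).
    print(preflight(SAMPLE_CONFIG, "sso-dev", SAMPLE_CACHE, NOW))
```

The check deliberately looks only at the SSO token cache, not at `~/.aws/cli/cache`: if the SSO token is still valid, the CLI and SDK can mint fresh role credentials from it, so an expired entry under `~/.aws/cli` is not by itself a reason to log in again.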