@Heeseok-82 not sure if this the same error you got but I was finally able to give it a try and did have it fail.
To document for anyone else to attempt I created a simple main.tf containing the following:
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.0"
}
}
required_version = ">= 0.13"
}
provider "aws" {
region = "us-east-1"
profile = "sandbox"
}
resource "aws_s3_bucket" "test" {
tags = {
Name = "Test bucket"
}
}
Inside my ~/.aws/config I had the sandbox profile configured as:
[profile sandbox]
sso_start_url = https://[sso name].awsapps.com/start
sso_region = us-east-1
sso_account_id = [my AWS account ID]
sso_role_name = AWSAdministratorAccess
region = us-east-1
I performed my aws sso login --profile sandbox and authenticated, in my case with Okta with MFA, and then proceeded with running the following:
terraform init
terraform fmt
terraform plan
I was good until the plan was being executed where I received the following:
Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
Please see https://registry.terraform.io/providers/hashicorp/aws
for more information about providing credentials.
Error: SSOProviderInvalidToken: the SSO session has expired or is invalid
caused by: expected RFC3339 timestamp: parsing time "2021-04-16T00:26:08UTC" as "2006-01-02T15:04:05Z07:00": cannot parse "UTC" as "Z07:00"
on main.tf line 12, in provider "aws":
12: provider "aws" {
I know the credentials are actually good as an aws s3 ls --profile sandbox command and it executes just fine without issue. So I would assume this is an issue inside the Terraform AWS provider and how it is parsing the credentials when using SSO.