Vault Terraform Provider IAM Auth

I am trying to configure the provider to use IAM auth and receiving the following error:

Error: Error making API request.

URL: PUT https://vault.nprod.dat.internal/v1/auth/aws/login
Code: 400. Errors:

  • didn’t supply required authentication values

I have configured the provider as such:

provider “vault” {
address = https://vault

auth_login {
  path = "auth/aws/login"
  parameters = {
    role = "iam-role"
  }
}

}

From the CLI I can authentication using: vault login -method=aws role=iam-role

Looking at the debug output

2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: PUT /v1/auth/aws/login HTTP/1.1
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: Host: vault.nprod.xxx.internal
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: User-Agent: Go-http-client/1.1
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: Content-Length: 19
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: X-Vault-Namespace:
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: Accept-Encoding: gzip
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4:
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: {
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: “role”: “iam-role”
2020-07-13T13:18:26.745-0700 [DEBUG] plugin.terraform-provider-vault_v2.11.0_x4: }

It doesn’t look like the provider populates the necessary values for iam_http_request_method, iam_request_url, iam_request_body.

Should it not do this when saying use the AWS IAM authentication method much like vault CLI does?