I have been using AWS as a cloud service and Terraform as IaC. It's very annoying to copy-paste the credentials frequently. Is there any solution available for that or any workaround other to use AWS SSO?
-
Did you follow e.g. https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html to get credentials in your CLI? – luk2302 Jun 07 '21 at 16:55
-
@luk2302 I have not tried. But would that help with the issue? I mean, would Terraform pick up the AWS SSO credential if or unless it supports some similar feature? – Aman Jun 08 '21 at 04:52
-
You should execute the sso login in a shell window and then in the same window run the terraform command which should then use the same credentials. – luk2302 Jun 08 '21 at 06:36
2 Answers
Premise
It was my understanding that there is a current issue between AWS SSO (authentication v2) and terraform; that only V1 authentication (access key and secret key) is reliably accepted.
For example, this open PR or this issue or this ongoing referenced merge
Work Around
There are a couple of projects that circumvent this issue by generating V1 creds from AWS SSO.
The one I use is a PyPi library called yawsso.
Try this:
pip3 install yawsso
yawsso login # this will authenticate - you no longer need to run 'aws sso login'
Note
Just make sure you use the right profile with export AWS_PROFILE=foo, where "foo" would be in ~/.aws/config as [profile foo].
Bonus
yawsso will log you in on all profiles listed in the AWS config file, so you don't need to log in one-by-one into all profiles required at work.

-
According to https://github.com/hashicorp/terraform/issues/28872#issuecomment-972029772, the error was resolved as of terraform v1.06. – Steven Kalt May 11 '22 at 19:10
It seems that this is possible without external plugins now, see here: https://registry.terraform.io/providers/hashicorp/aws/latest/docs#shared-configuration-and-credentials-files
Example:
provider "aws" {
  profile = "customprofile"
}

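A pre-flight check for the workflow described in the comments and answers above, as an added example that is not part of either answer or of any AWS or Terraform tooling: it reports whether the profile Terraform will use is SSO-based or holds a pasted static key, and whether a cached SSO token is still unexpired. The function names are hypothetical, and the cache location (~/.aws/sso/cache/*.json with startUrl and expiresAt fields) and the two timestamp formats are assumptions about AWS CLI v2 behaviour.

```python
import configparser, glob, json, os, sys
from datetime import datetime, timezone

def profile_kind(config_text, profile):
    """Classify a profile: ('sso', start_url), ('static', None) or ('other', None)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(config_text)
    sec = cp["default" if profile == "default" else f"profile {profile}"]
    if "sso_session" in sec:      # newer layout: URL is in [sso-session NAME]
        return "sso", cp[f"sso-session {sec['sso_session']}"]["sso_start_url"]
    if "sso_start_url" in sec:    # legacy layout: URL is on the profile itself
        return "sso", sec["sso_start_url"]
    if "aws_access_key_id" in sec:  # long-lived key pasted into the config
        return "static", None
    return "other", None

def token_valid(cache_entries, start_url, now):
    """True if a cached SSO token for start_url expires after now (aware UTC)."""
    for entry in cache_entries:
        if entry.get("startUrl") != start_url or "expiresAt" not in entry:
            continue              # e.g. client registration files
        stamp = entry["expiresAt"].replace("UTC", "Z")  # assumed older 'UTC' suffix
        expires = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        if expires.replace(tzinfo=timezone.utc) > now:
            return True
    return False

# Constructed sample config, used only to show the two profile styles.
SAMPLE_CONFIG = """
[profile customprofile]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
sso_account_id = 111111111111
sso_role_name = ExampleRole

[profile legacy]
aws_access_key_id = EXAMPLE-NOT-A-REAL-KEY
"""

if __name__ == "__main__":
    profile = os.environ.get("AWS_PROFILE", "default")
    with open(os.path.expanduser("~/.aws/config")) as fh:
        kind, url = profile_kind(fh.read(), profile)
    paths = glob.glob(os.path.expanduser("~/.aws/sso/cache/*.json"))
    cache = [json.load(open(p)) for p in paths]
    ok = kind == "sso" and token_valid(cache, url, datetime.now(timezone.utc))
    print(f"{profile}: {kind}, SSO token {'valid' if ok else 'missing or expired'}")
    sys.exit(0 if ok else 1)
```

Run it in the same shell as the terraform command; a non-zero exit means the profile is not SSO-based or the login has to be repeated first.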