If you create a profile through SSO using the AWS CLI with aws configure sso, you should be able to then use this profile name within Terraform, either by setting it within the Terraform provider, or by setting the AWS_PROFILE environment variable in the shell before you run
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html#sso-configure-profile-auto
https://registry.terraform.io/providers/hashicorp/aws/latest/docs#shared-configuration-and-credentials-files
The existing answers are good, I'm just going to give you a warning about actually using Terraform + AWS SSO... The role that is used to create resources in AWS will be the owner of certain resources (like your EKS cluster). This situation is worse with KMS keys! If your SSO administrator deletes and recreates the permissions set that Terraform uses, you could be left with KMS keys that you have no access to. I ran into this! The AWS Identity Center permissions sets got refactored, and the KMS keys that were created via the terraform-aws-modules/eks module were left 'orphaned'. Not even the root account can recover these. I need to contact AWS Support, but since this is not a production account I do not have it on a paid support plan. (AWS Support, unlike Billing, is not consolidated under an AWS Organization; it's a per-account charge.)
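One way to audit for the lock-out described in the answer above before a permission set is refactored, as an added example (not code from the poster or from the terraform-aws-modules/eks module). It assumes the keys become unreachable because their key policy names only the Identity Center role as administrator; the sample policies, the placeholder account ID 111122223333 and all function names are constructed for illustration.

```python
import re

# Identity Center provisions permission-set roles under this path and name prefix.
SSO_ROLE = re.compile(r":role/aws-reserved/sso\.amazonaws\.com/(?:[^/]+/)?AWSReservedSSO_")
# Once a role is deleted, a saved policy shows its unique ID (AROA...) instead of the ARN.
DELETED_ROLE = re.compile(r"^AROA[A-Z0-9]+$")
# Actions that let a principal repair the key policy (wildcards like kms:Put* are not expanded).
ADMIN_ACTIONS = {"kms:*", "kms:putkeypolicy"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def key_admin_principals(policy):
    """Return the AWS principals that an Allow statement lets rewrite the key policy."""
    admins = set()
    for stmt in _as_list(policy.get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not ADMIN_ACTIONS & actions:
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, dict):
            admins.update(_as_list(principal.get("AWS", [])))
        else:
            admins.add(principal)  # the bare "*" form
    return admins


def orphan_risk(policy):
    """'ok' if a non-SSO principal can administer the key, else 'at-risk' or 'orphaned'."""
    admins = key_admin_principals(policy)
    if any(not SSO_ROLE.search(p) and not DELETED_ROLE.match(p) for p in admins):
        return "ok"
    return "at-risk" if any(SSO_ROLE.search(p) for p in admins) else "orphaned"


def _policy(principal):  # constructed sample policies, placeholder account 111122223333
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": principal}, "Action": "kms:*", "Resource": "*"}]}

SSO_ARN = ("arn:aws:iam::111122223333:role/aws-reserved/sso.amazonaws.com/"
           "eu-west-1/AWSReservedSSO_AdministratorAccess_0123456789abcdef")
SAMPLES = {"root-admin": _policy("arn:aws:iam::111122223333:root"),
           "sso-only": _policy(SSO_ARN),
           "role-deleted": _policy("AROAEXAMPLEROLEID12345")}

if __name__ == "__main__":
    for name, policy in SAMPLES.items():
        print(f"{name}: {orphan_risk(policy)}")
```

To run it against a real key, parse the JSON returned by `aws kms get-key-policy` with `json.loads` and pass the result to `orphan_risk`; an "at-risk" key should get a durable administrator added to its policy before the permission set is touched.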
Just authenticate and export the AWS_PROFILE; Terraform will automatically use the temporary credentials you obtained starting sso login in the CLI.
To operate on different accounts, do as usual, using multiple profile aliases.
If you use Control Tower you need to deploy a custom role. Moreover, the use of AWS_PROFILE in a team is a mess because you must have the same profile name set on each local machine that runs that code. It could also be a problem in a pipeline.