Using Terraform with AWS SSO accounts

1

Hi, I'm using ControlTower to deploy my infrastructure with multiple accounts. Now I want to use Terraform, but authentication is currently done via SSO and I have noticed that Terraform isn't able to handle this kind of credentials. What is the best way to use Terraform with SSO? I think the only way at the moment is to use a dedicated user in a separate account.

Thank you guys, Ax.

2 Answers
2

If you create a profile through SSO using the AWS CLI with aws configure sso [1], you should be able to then use this profile name within Terraform, either by setting it within the Terraform provider [2], or by setting the AWS_PROFILE environment variable in the shell before you run terraform apply.

[1] https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html#sso-configure-profile-auto
[2] https://registry.terraform.io/providers/hashicorp/aws/latest/docs#shared-configuration-and-credentials-files

answered 3 years ago
0

If you use ControlTower, you need to deploy a custom role. Moreover, using AWS_PROFILE in a team is a mess because you must have the same profile name set on each local machine that runs that code. It could also be a problem in a pipeline.

answered 2 years ago
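
An added example, not part of either answer: a shell pre-flight check for the profile approach in the first answer that also catches the mismatch raised in the second, failing early when the expected profile name is missing from a machine's AWS CLI config or is not SSO-based. The profile names, account ID, start URL and the tf_with_sso wrapper are hypothetical; the sample config is constructed.

```bash
# Added example; profile names, account id and URL are constructed placeholders.
# Print the value of KEY inside [profile NAME] of an AWS CLI config file.
profile_get() {  # usage: profile_get FILE NAME KEY
  awk -v want="[profile $2]" -v key="$3" '
    /^\[/ { in_sec = ($0 == want); next }
    in_sec {
      split($0, kv, "="); k = kv[1]
      gsub(/^[ \t]+|[ \t]+$/, "", k)
      if (k != key) next
      v = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", v)
      print v; exit
    }' "$1"
}

# Succeed only if the profile exists, is SSO-based and carries no static keys.
is_sso_profile() {  # usage: is_sso_profile FILE NAME
  [ -n "$(profile_get "$1" "$2" sso_account_id)" ] || return 1
  [ -n "$(profile_get "$1" "$2" sso_role_name)" ] || return 1
  [ -n "$(profile_get "$1" "$2" sso_session)$(profile_get "$1" "$2" sso_start_url)" ] || return 1
  [ -z "$(profile_get "$1" "$2" aws_access_key_id)" ] || return 1
}

# Hypothetical wrapper: validate the profile, log in again if the cached SSO
# token has expired, then run Terraform with AWS_PROFILE set for that call only.
tf_with_sso() {  # usage: tf_with_sso PROFILE terraform-args...
  profile=$1; shift
  cfg=${AWS_CONFIG_FILE:-$HOME/.aws/config}
  is_sso_profile "$cfg" "$profile" || {
    echo "'$profile' is not an SSO profile in $cfg" >&2; return 1; }
  aws sts get-caller-identity --profile "$profile" >/dev/null 2>&1 ||
    aws sso login --profile "$profile" || return 1
  AWS_PROFILE=$profile terraform "$@"
}

# Constructed sample config for trying the check offline.
write_sample_config() {  # usage: write_sample_config FILE
  cat > "$1" <<'EOF'
[sso-session corp]
sso_start_url = https://example.awsapps.com/start
sso_region = eu-west-1
[profile sandbox-admin]
sso_session = corp
sso_account_id = 111111111111
sso_role_name = AdministratorAccess
[profile legacy-keys]
aws_access_key_id = EXAMPLE-PLACEHOLDER
EOF
}
```

With these functions sourced, `tf_with_sso sandbox-admin plan` runs the check against the file named by AWS_CONFIG_FILE (default ~/.aws/config) before Terraform starts.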
