fpco / amber

Manage secret values in-repo via public key cryptography
MIT License

How do you think of this model for Terraform-alike? #20

Open Magicloud opened 3 years ago

Magicloud commented 3 years ago
  1. Have an IAM role only for CI/CD.
  2. At the start of the job, create some AWS secrets from Amber. Restrict them to the CI/CD role.
  3. Run Terraform (using data to reference the secrets).
  4. Succeeded or not, remove all secrets from AWS.

Hence we do not have AWS secrets for the long term, and we do not have secret texts in Terraform artifacts.
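One way to script the four steps above, as an added example that is not part of this issue or of amber itself. It assumes the secrets in amber.yaml are named DB_PASSWORD and API_TOKEN, that a CI_ROLE_ARN variable names the CI/CD-only role, and that the AWS CLI and Terraform are installed; the job is launched as `amber exec -- sh ci.sh run` so the decrypted values exist only in this process's environment.

```shell
#!/bin/sh
# Hypothetical CI job: amber exec decrypts amber.yaml (using AMBER_SECRET) into
# the environment of this process only. The values are copied into short-lived
# Secrets Manager entries that Terraform reads through data sources, and the
# entries are deleted whether the apply succeeds or fails.
set -eu

CI_ROLE_ARN="${CI_ROLE_ARN:-}"                 # ARN of the CI/CD-only IAM role (assumption)
SECRET_PREFIX="ci/${CI_JOB_ID:-local}"         # constructed naming scheme
SECRET_KEYS="DB_PASSWORD API_TOKEN"            # amber key names assumed for illustration

# Step 2 (restriction): resource policy allowing only the CI/CD role to read
# the secret. Kept as a pure function so it can be checked without AWS access.
secret_policy_json() {
  printf '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"AWS":"%s"},"Action":"secretsmanager:GetSecretValue","Resource":"*"}]}' "$1"
}

# Secrets Manager name for one amber key, e.g. ci/<job>/DB_PASSWORD.
secret_name() { printf '%s/%s' "$SECRET_PREFIX" "$1"; }

# Step 2: create the secret, then lock it down to the CI/CD role.
create_secret() {   # $1 = amber key name, $2 = decrypted value
  aws secretsmanager create-secret --name "$(secret_name "$1")" --secret-string "$2" >/dev/null
  aws secretsmanager put-resource-policy --secret-id "$(secret_name "$1")" \
      --resource-policy "$(secret_policy_json "$CI_ROLE_ARN")" --block-public-policy >/dev/null
}

# Step 4: remove every secret; installed as an EXIT trap so it also runs on failure.
cleanup() {
  for k in $SECRET_KEYS; do
    aws secretsmanager delete-secret --secret-id "$(secret_name "$k")" \
        --force-delete-without-recovery >/dev/null || true
  done
}

run_pipeline() {
  [ -n "$CI_ROLE_ARN" ] || { echo "CI_ROLE_ARN must be set" >&2; exit 1; }
  trap cleanup EXIT
  for k in $SECRET_KEYS; do
    eval "val=\${$k:?$k missing from amber environment}"   # provided by amber exec
    create_secret "$k" "$val"
  done
  # Step 3: Terraform uses data "aws_secretsmanager_secret_version" blocks
  # keyed by the names above; no secret text ends up in the repo or plan files.
  terraform init -input=false
  terraform apply -auto-approve -input=false
}

case "${1:-}" in run) run_pipeline ;; esac
```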

snoyberg commented 3 years ago

Sorry, I'm not fully understanding the idea here.