rubrikinc / terraform-provider-polaris

Terraform provider for the Polaris platform
MIT License

Add ability to authenticate via a cross account role from a central account. #54

Closed DamaniN closed 1 year ago

DamaniN commented 1 year ago

Is your feature request related to a problem? Please describe.

Some customers have tens, hundreds, or even thousands of accounts. For these customers with large numbers of accounts, creating an IAM role in each one to run Terraform is impractical or a best practice.

Describe the solution you'd like

This provider should support multi-account strategies like getting credentials from HashiCorp's Vault or using AWS cross-account roles. Often customers already have cross-account roles with admin privileges established for this very purpose. The AWS provider supports cross-account roles with a statement like this:

provider "aws" {
  region = "us-east-1"
  # Role in the target account that the provider assumes
  assume_role {
    role_arn = "arn:aws:iam::123456789012:role/iac"
  }
}

This provider should do something similar.

Describe alternatives you've considered

The workaround described in the aws_accounts relies on pre-created IAM users and therefore still does not help established automation practices.

Additional context

None

johan3141592 commented 1 year ago

Hi @DamaniN!

We've just added support for AWS cross account roles to the provider (https://github.com/rubrikinc/terraform-provider-polaris/pull/55). Check out the following resources for more information:

Let me know if you think this will solve the problem you are seeing or if something more is needed.