sspinc / terraform-provider-credstash

Terraform provider for secrets stored with credstash
MIT License
68 stars 35 forks

Feature Request - Support AWS Single Sign On Profiles #24

Open vikas027 opened 3 years ago

vikas027 commented 3 years ago

Environment

❯ terraform version
Terraform v0.14.6
+ provider mycorp/sspinc/credstash v0.5.0
+ provider registry.terraform.io/hashicorp/aws v3.28.0
+ provider registry.terraform.io/hashicorp/null v3.0.0

Problem

AWS Single Sign On (SSO) uses AWS CLI v2 and stores profiles in the directory ~/.aws/sso and refers to them in ~/.aws/config. It does not use the file ~/.aws/credentials.

The credstash Terraform provider expects the profile in ~/.aws/credentials and, if it is not configured, throws the error below.

Error: NoCredentialProviders: no valid providers in chain. Deprecated.
        For verbose messaging see aws.Config.CredentialsChainVerboseErrors

It would be good if it could also read profiles configured in ~/.aws/config, which can also refer to credentials in the ~/.aws/sso directory.

Workaround

The current workaround is to get the AWS temp keys and store them as a profile in ~/.aws/credentials.

Possibly Related
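One way to script the workaround described in the issue, as an added example that is not part of the original issue or the provider's code: it writes temporary keys into a credentials-file profile with owner-only permissions and refuses credentials that have already expired. It assumes the keys arrive as JSON in the credential_process shape (what `aws configure export-credentials --profile <name>` prints in recent AWS CLI v2 releases); the function name, profile name and sample values are hypothetical and constructed.

```python
import configparser
import json
import os
from datetime import datetime, timezone

# Constructed sample in the credential_process JSON shape; all values are fake.
SAMPLE = json.dumps({
    "Version": 1,
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed/secret%value",
    "SessionToken": "constructed-session-token",
    "Expiration": "2024-01-01T08:00:00Z",
})

REQUIRED = ("AccessKeyId", "SecretAccessKey", "SessionToken")


def write_temp_profile(cred_json, profile, path, now=None):
    """Write temporary credentials as [profile] in an INI credentials file.

    Returns the expiry as an aware datetime, or None if the JSON has none.
    """
    now = now or datetime.now(timezone.utc)
    data = json.loads(cred_json)
    missing = [k for k in REQUIRED if not data.get(k)]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))

    expiry = None
    if data.get("Expiration"):
        expiry = datetime.fromisoformat(data["Expiration"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # assumption: a naive timestamp means UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            raise ValueError("credentials already expired; refresh the SSO session")

    # RawConfigParser: no % interpolation, so secrets are stored unchanged.
    cfg = configparser.RawConfigParser()
    cfg.read(path)  # a missing file is ignored; existing profiles are kept
    cfg[profile] = {
        "aws_access_key_id": data["AccessKeyId"],
        "aws_secret_access_key": data["SecretAccessKey"],
        "aws_session_token": data["SessionToken"],
    }

    # Create the file owner-only, then tighten a pre-existing file as well.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        cfg.write(fh)
    os.chmod(path, 0o600)
    return expiry
```

Rewriting the file through configparser drops any comments it contained, and the stored keys stop working at the returned expiry, so the profile has to be refreshed after each SSO login.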