If you’ve had to configure AWS SSO for authenticating Terraform then you know the setup can be a pain. This is due to Terraform not working with the new AWS config format (issue here: https://github.com/hashicorp/terraform/issues/32465).
Here are two ways I’ve used to get it working:
Run aws configure sso with the following values:
Now set your environment to use the newly created profile:
Older versions of Terraform didn't support the AWS config in the format that the AWS CLI generated it, so you had to make changes manually. These are no longer required in version 1.6, but I'll keep the instructions here for reference.
Edit your ~/.aws/config to work around this issue: https://github.com/hashicorp/terraform/issues/32465
You should see the following approval page. If you see a different page, it likely won't work. If this happens, double check you have removed sso_session from the profile section before running aws sso login.
If you are seeing errors like this:
It’s probably because you haven’t removed the sso_session line. It might also be worthwhile clearing your credentials cache: rm -rf ~/.aws/sso
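To check a config for profiles that still carry the sso_session line, and to see what the manual edit produces, here is an added example (not code from the original post). It assumes the edit is the legacy profile layout, with sso_start_url and sso_region set directly on the profile; the sample config, account ID, role name and URL are constructed placeholders, and the function names are hypothetical.

```python
import configparser
import io

# Constructed sample in the layout `aws configure sso` writes; all values are placeholders.
SAMPLE_CONFIG = """\
[profile dev]
sso_session = my-sso
sso_account_id = 111122223333
sso_role_name = ReadOnly
region = eu-west-2

[sso-session my-sso]
sso_start_url = https://example.awsapps.com/start
sso_region = eu-west-2
sso_registration_scopes = sso:account:access
"""

def _parse(text):
    # "=" only, no interpolation: URLs and scopes contain ":" and may contain "%".
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.read_string(text)
    return cfg

def profiles_using_sso_session(text):
    """Names of profile sections that still carry an sso_session line."""
    cfg = _parse(text)
    return [s for s in cfg.sections()
            if not s.startswith("sso-session ") and cfg.has_option(s, "sso_session")]

def to_legacy_format(text):
    """Copy sso_start_url/sso_region onto each profile and drop its sso_session line."""
    cfg = _parse(text)
    for name in profiles_using_sso_session(text):
        session = "sso-session " + cfg.get(name, "sso_session")
        if not cfg.has_section(session):
            raise ValueError(f"{name} references missing section [{session}]")
        for key in ("sso_start_url", "sso_region"):
            cfg.set(name, key, cfg.get(session, key))
        cfg.remove_option(name, "sso_session")
    out = io.StringIO()
    cfg.write(out)
    return out.getvalue()

if __name__ == "__main__":
    print("profiles to edit:", profiles_using_sso_session(SAMPLE_CONFIG))
    print(to_legacy_format(SAMPLE_CONFIG))
```

The script only prints the rewritten config; compare it against your ~/.aws/config by hand rather than overwriting the file.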
Using AWS-Vault can simplify the above.
This step goes after aws configure sso and replaces all other steps.
First install AWS Vault (https://github.com/99designs/aws-vault).
Once we have created the profile we can create a shell with this auth:
If you'd like to see a working example of using SSO and OIDC, we've created an example repo here: https://github.com/overmindtech/terraform-example