How to make Terraform use the AWS credential_process?

Question

I'd like to use the credential_process configuration option in ~/.aws/config to source credentials for the AWS provider in Terraform.

I see that support for credential_process was recently (9 days ago) added to the AWS GO SDK v1.16.4. I also see that the AWS GO SDK dependency was changed to that version in the Terraform AWS provider even more recently (11 hours ago).

Once the next Terraform AWS provider version (apparently v1.52.0) is released do I automatically get support for the credential_process functionality?

With Terraform v0.11.10 and provider.aws v1.51.0 the credential_process does not appear to be used, as I get the following error:

* provider.aws: error validating provider credentials: error calling sts:GetCallerIdentity: NoCredentialProviders: no valid providers in chain. Deprecated.

I do have AWS_SDK_LOAD_CONFIG=1 in the environment as suggested by the SDK documentation. Is that needed with Terraform or does it load ~/.aws/config anyway?

Answer 1

The credential_process configuration option works with Terraform v1.52.0 and later. So to answer the my own question, I just needed to wait for the release.

As noted by others, the AWS_PROFILE environment variable can be used to select a profile. This is not specific to using the credential_process, though.

Answer 2

Use AWS_PROFILE and AWS_SDK_LOAD_CONFIG:

AWS_PROFILE=foo AWS_SDK_LOAD_CONFIG=1 terraform plan

Issue discussing profile vars and credential_process: https://github.com/terraform-providers/terraform-provider-aws/issues/6913

Answer 3

All you have to do is export AWS_PROFILE="x" and terraform will use it.