Yashwant Mahawar

Reputation: 129

How to reload the Terraform provider at runtime to use a different AWS profile

How to reload the Terraform provider at runtime to use a different AWS profile.

Create a new user

resource "aws_iam_user" "user_lake_admin" {
  name = var.lake_admin_user_name
  path = "/"
  tags = {
    tag-key = "data-test"
  }
}

provider "aws" {
  access_key = aws_iam_access_key.user_lake_admin_AK_SK.id
  secret_key = aws_iam_access_key.user_lake_admin_AK_SK.secret
  region     = "us-west-2"
  alias      = "lake-admin-profile"
}

This lake_admin user is created in the same file.

Trying to use

provider "aws" {
  access_key = aws_iam_access_key.user_lake_admin_AK_SK.id
  secret_key = aws_iam_access_key.user_lake_admin_AK_SK.secret
  region     = "us-west-2"
  alias      = "lake-admin-profile"
}

resource "aws_glue_catalog_database" "myDB" {
  name     = "my-db"
  provider = aws.lake-admin-profile
}

As far as I know, Terraform providers are executed first in all Terraform files.

But is there any way we can reload the configurations of providers in the middle of Terraform execution?

Upvotes: 0

Views: 488

Answers (1)

Alain O'Dea

Reputation: 21716

You can't do this directly.

You can apply the creation of the user in one root module and state and use its credentials in a provider for the second.

For the purposes of deploying infrastructure, you are likely better off with IAM Roles and assume role providers to handle this kind of situation.

Generally, you don't need to create infrastructure with a specific user. There's rarely an advantage to doing that. I can't think of a case where the principal creating infrastructure has any implied specific special access to the created infrastructure.

You can use a deployment IAM Role or IAM User to deploy everything in the account and then assign resource-based and IAM policies to do the restrictions in the deployment.

Upvotes: 2
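The assume-role approach recommended in the answer, as an added example that is not part of the original question or answer. It assumes the lake admin role already exists (created in a separate root module and state, or by account bootstrap) and trusts the deployment principal; the variable name `lake_admin_role_arn` and the session name are hypothetical.

```hcl
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

# Assumption: the role is created outside this configuration, so its ARN is a
# plain input value that is known when the providers are configured.
variable "lake_admin_role_arn" {
  type        = string
  description = "ARN of the pre-existing lake admin role (hypothetical variable name)"
}

# Default provider: the deployment principal's own credentials, taken from the
# environment or shared config. No access keys appear in the configuration.
provider "aws" {
  region = "us-west-2"
}

# Aliased provider: same base credentials, but API calls are made with
# short-lived STS credentials for the lake admin role.
provider "aws" {
  alias  = "lake-admin-profile"
  region = "us-west-2"

  assume_role {
    role_arn     = var.lake_admin_role_arn
    session_name = "terraform-lake-admin"
  }
}

# Same resource as in the question, now created through the assumed role.
resource "aws_glue_catalog_database" "myDB" {
  provider = aws.lake-admin-profile
  name     = "my-db"
}
```

Unlike the `aws_iam_access_key` pattern in the question, this keeps no long-lived secret key in the Terraform state, and the provider configuration does not depend on a resource created in the same apply.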
