Allow passing the assume_role ARN via an environment variable

[orf]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

In some situations it would be very handy to be able to do:

AWS_ASSUME_ROLE_ARN=xyz terraform plan

The "recommended" way is to create a AWS config file with the assume_role key, but there are have seemingly been a lot of bugs around this functionality (and indeed it does not currently work). Creating the config file in CI environments can be tricky and annoying, especially if you have the ARN in an environment variable already.

New or Affected Resource(s)

The AWS provider itself.

References

• Assume Role via .aws/config profiles does not work #11429

• 'Multiple configurations present' error when overriding provider roles #11079

• Assume Role still not working in provider #10507

• Can not use "shared_credentials_file" with "$HOME" in combination "assume_role.role_arn" #9352

[bflad]

See also: aws/aws-sdk-go-v2#2867

I would suggest we wait until the AWS SDK team provides some guidance on the naming (for reasons in the mentioned issue), before we go about our own implementation. Though theoretically if the AWS Go SDK implements that feature request, no work should be required in the Terraform AWS Provider beyond just upgrading our AWS Go SDK dependency and cutting a release.

[github-actions]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.