terraform remote does not support assuming roles

[gtmtech]

When storing state in aws s3 via terraform remote, the pulling and pushing of the terraform.tfstate file from the s3 bucket is done prior to reading from any aws provider resource - in fact this action is provider-less, and relies on plain vanilla environment based aws credentials to do so.

This is unfortunate as a lot of work has been put into the aws provider to provide different options such as assuming roles.

So to get assume-roles properly working, you have to assume-role in aws cli first, in order to run terraform remote, to get the state, followed by terraforming which then uses the aws provider to assume-role again. This is needlessly complex - why cant the terraform remote use a named aws provider to do its bidding, and define the credentials in the same way?

This is non-ideal!!!!

(terraform all versions)

[stack72]

Hi @gtmtech

What version of Terraform are you using here? We just released support for this feature in Terraform 0.8.7 via PR #10067

Is this what you were looking for?

Paul

[gtmtech]

Beautiful!!! I should have said, apologies, didnt see 0.8.7 was out

[stack72]

No worries :)

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.