fix: bump aws-sdk-go from 1.44.122 to 1.44.298

[jBouyoud]

Same as #33522 on main target

Upgrade aws-sdk-go to v1.44.298, which enables support for Identity Center/SSO.

Ref: https://github.com/aws/aws-sdk-go/releases/tag/v1.44.298

Fixes #32448
Fixes #32465

Target Release

1.5.x

Draft CHANGELOG entry

Bump aws-sdk-go from 1.44.122 to 1.44.298 (support SSO in AWS backend)

BUG FIXES

When using the aws backend, Terraform no longer throws:

Error: error configuring S3 Backend: Error creating AWS session: profile "xxx" is configured to use SSO but is missing required configuration: sso_region, sso_start_url

[crw]

Thanks! Note for the core team, we have @gdavison 's approval to merge this change (via Slack).

[johnnywalker]

@crw @jBouyoud I left a comment on #33522 but wanted to reiterate here. I originally bumped the version on main instead of v1.5 and began using the fork locally. I noticed some strange latency when running any terraform command that used an S3 backend, but this became very conspicuous when applying changes on a larger config. Terraform would batter the CPU for several seconds (duration seemed proportional to number of Terraform resources), but everything worked as advertised once the plan was constructed.

I enabled debug logging to troubleshoot, and Terraform produced several MBs of logs describing repeated attempts to construct the graph. A quick diff against logs produced by v1.5.3 showed a stark contrast in behavior that did not seem commensurate with the change.

After comparing logs, I looked for other changes and noticed the aws-sdk-go-v2 dependencies in go.sum. I assumed these changes were related to ongoing work to migrate to the newer SDK and cherry-picked my changes to v1.5 instead. This resolved the bug immediately, and I've been using the patched version since with delight.

[gdavison]

Thanks for pointing this out, @johnnywalker. We haven't added the aws-sdk-go-v2 dependencies yet, so it looks like something else pulled them in.

Have you tried using a different backend with the current main code? I don't think the backend shouldn't be involved in building the graph, but I'm not sure. Maybe @crw could comment. Would you be able to share the logs?

[dosilyoun]

@johnnywalker @jBouyoud @crw This aws go sdk dependency update affects a lot of functionality, like sso or region support regarding backends. Is there any progress here?

[johnnywalker]

@gdavison Sorry for the slow response - I'll try and reproduce the issue with this branch and share logs.

[kmoe]

Thanks for this @jBouyoud and @johnnywalker. As of #33730, main has upgraded to AWS SDK v2 throughout.

@johnnywalker I've attempted to reproduce what you described in #33607 (comment) with 1000 resources and saw no difference between main and v1.5.6. The logs look normal in both cases and I couldn't see any extra delay communicating with the S3 backend. If you're able to reproduce this issue in main or the next release (which will be the first 1.6.0 beta) please open an issue so we can investigate further.

[AMMullan]

@kmoe - I presume closing this means that Terraform 1.5 branch won't be getting the later SDK? This is a blow to those of us that can't use TF 1.6+

[crw]

@AMMullan Correct. This is the standard Terraform development workflow. These changes are unlikely to have ever landed in 1.5.x, that is not typically how we develop the product.

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.