backend/s3: Support assume_role_with_web_identity #31244
Comments
Picking this one up 👍, first time diving into the backends. |
Thanks for the enhancement request! |
There seems to be no support yet for I'm happy to put in some refactor work and make it in line with how the terraform-provider-aws handles I can't guarantee what the outcome will be of the refactor as awsbase/v2 seems to do things a bit differently.

```hcl
terraform {
  backend "s3" {
    bucket = "mybucket"
    key    = "path/to/my/key"
    region = "us-east-1"

    assume_role {
      // ....
    }

    assume_role_with_web_identity {
      // ....
    }
  }
}
```

If you can think of something more straightforward to avoid the refactor, please share your thoughts with me @jbardin |
See (currently draft) PR for additional information. |
Hi, chiming in on the conversation. I believe more and more people in the community are facing the same situation as described by the original poster here. My company is also working on modernizing our pipelines and this capability would be really great to have in place for the Terraform s3 backend. Have there been any alternative approaches announced since June 2022? Anything I can do to help? |
Any further thoughts on this? |
Any news on supporting AssumeRoleWithWebIdentity for S3 backend? |
This will be resolved when #30443 is complete. It is an active project this quarter. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
The s3 backend currently does not support assuming a role with web identity.
This is currently supported by the aws provider and it would be good to have feature parity across the aws provider configurations.
Personally, I'd like to use this with GitHub Actions to federate access to a state backend from deployment pipelines whilst using a separate federated role for running terraform plan and apply operations.