docs: add document, how to execute terraform with mfa authentication

docs/en/developer_guidelines/faq.md

@@ -5,3 +5,44 @@ This document provides answers to frequently asked questions during development.
 Q. Where do I set the initial values for the development environment database?
 
 A. Initialization scripts are provided under `/backend/db/init`. These scripts are executed when starting the local environment database. If you need to set initial values beforehand, please edit these scripts.
+
+Q. How do I run Terraform when MFA is enabled?
+
+A. Please configure the following in `~/.aws/config`:
+
+```bash
+[profile myprofile]
+output=json
+region=ap-northeast-1
+role_arn=arn:aws:iam::01234567890:role/<IAM-role-name>
+mfa_serial=arn:aws:iam::12345678901:mfa/<IAM-user-name>
+
+[profile myprofile-tf]
+credential_process = aws configure export-credentials --profile myprofile
+```
+
+Use `myprofile-tf` in each Terraform configuration file. Set it as follows:
+
+```bash
+# terraform/infrastructure/example-dev/example-dev.tfbackend
+bucket         = "xxxxxxxxxxxxxx"
+key            = "xxxxxxxxxxxxxx"
+encrypt        = true
+profile        = "myprofile-tf"
+region         = "ap-northeast-1"
+dynamodb_table = "xxxxxxxxxxxxx"
+```
+
+```bash
+# terraform/infrastructure/example-dev/terraform.tfvars
+product = "oqtopus"
+org     = "example"
+env     = "dev"
+region  = "ap-northeast-1"
+db_user_name = "xxxxxxxxxxxxx"
+profile = "myprofile-tf"
+```
+
+After running `terraform init -backend-config=example-dev.tfbackend -reconfigure` under `terraform/infrastructure/example-dev`, you can execute `terraform plan` to run Terraform with MFA authentication.
+
+See details in here: [Terraform AWS Provider Issue #2420](https://github.com/hashicorp/terraform-provider-aws/issues/2420#issuecomment-1899137746)

docs/ja/developer_guidelines/faq.md

@@ -6,3 +6,44 @@ Q. 開発環境DBの初期値はどこで設定しますか？
 
 A. `/backend/db/init`配下に初期化用スクリプトを用意しています。ローカル環境のDBを立ち上げる際にこちらのスクリプトが実行されます。
 事前に初期値を設定する場合は、このスクリプトを編集してください。
+
+Q. MFAを有効にしている場合、Terraformの実行はどのように行いますか？
+
+A. `~.aws/config`に下記を設定してください
+
+```bash
+[profile myprofile]
+output=json
+region=ap-northeast-1
+role_arn=arn:aws:iam::01234567890:role/<IAMロール名>
+mfa_serial=arn:aws:iam::12345678901:mfa/<IAMユーザ名>
+
+[profile myprofile-tf]
+credential_process = aws configure export-credentials --profile myprofile
+```
+
+terraformの各設定ファイルでは`myprofile-tf`を利用します。下記のように設定してください。
+
+```bash
+# terraform/infrastructure/example-dev/example-dev.tfbackend
+bucket         = "xxxxxxxxxxxxxx"
+key            = "xxxxxxxxxxxxxx"
+encrypt        = true
+profile        = "myprofile-tf"
+region         = "ap-northeast-1"
+dynamodb_table  = "xxxxxxxxxxxxx"
+```
+
+```bash
+# terraform/infrastructure/example-dev/terraform.tfvars
+product = "oqtopus"
+org     = "example"
+env     = "dev"
+region  = "ap-northeast-1"
+db_user_name = "xxxxxxxxxxxxx"
+profile = "myprofile-tf"
+```
+
+`terraform/infrastructure/example-dev`配下で`terraform init -backend-config=example-dev.tfbackend -reconfigure`を実行後、`terraform plan`を実行することでMFA認証付きでのTerraform実行が可能です。
+
+詳細は以下を参照してください。 : [Terraform AWS Provider Issue #2420](https://github.com/hashicorp/terraform-provider-aws/issues/2420#issuecomment-1899137746)

terraform/infrastructure/example-dev/provider.tf

@@ -1,5 +1,5 @@
 
 provider "aws" {
-  profile = "${var.org}-${var.env}"
+  profile = var.profile
   region  = var.region
 }

terraform/infrastructure/example-dev/variables.tf

@@ -22,3 +22,8 @@ variable "db_user_name" {
   description = "db user name"
   type        = string
 }
+
+variable "profile" {
+  description = "aws profile"
+  type        = string
+}

terraform/service/example-dev/provider.tf

@@ -1,4 +1,4 @@
 provider "aws" {
-  profile = "${var.org}-${var.env}"
+  profile = var.profile
   region  = var.region
 }