Use Basic Provider Block for Root-level Components
Date: 19 Oct 2021
The content in this ADR may be out-of-date and needing an update. For questions, please reach out to Cloud Posse
Status
ACCEPTED
Context
We Use Terraform Provider Block with compatibility for Role ARNs and Profiles in all components other than the root-level components. By root-level we are referring to components that are provisioned in the top-level AWS account that we generally refer to as the root
account.
The problem arises when working with the root
account during a cold-start when there’s no SSO, Federated IAM or IAM roles provisioned, so if we used the role_arn
or profile
it would not work. That’s why we assume the administrator will use their current AWS session to provision these components, which is why we do not define the role_arn
or profile
in provider { ... }
block for the components like sso or account .
Decision
DECIDED: Use the following basic provider block in root components.
provider "aws" {
region = var.region
}
Consequences
- Update any root-level components to use this block