Skip to main content

Use Basic Provider Block for Root-level Components

Date: 19 Oct 2021

Needs Update!

The content in this ADR may be out-of-date and needing an update. For questions, please reach out to Cloud Posse

Status

ACCEPTED

Context

We Use Terraform Provider Block with compatibility for Role ARNs and Profiles in all components other than the root-level components. By root-level we are referring to components that are provisioned in the top-level AWS account that we generally refer to as the root account.

The problem arises when working with the root account during a cold-start when there’s no SSO, Federated IAM or IAM roles provisioned, so if we used the role_arn or profile it would not work. That’s why we assume the administrator will use their current AWS session to provision these components, which is why we do not define the role_arn or profile in provider { ... } block for the components like sso or account .

Decision

DECIDED: Use the following basic provider block in root components.

provider "aws" {
region = var.region
}

Consequences

  • Update any root-level components to use this block

References