Bump aws-sdk-go version at least 1.37.X

[life360-vinny]

Terraform Version

0.13.6 and 0.12.X

Use-cases

We would like to take advantage of the AWS SSO Credential Provider, which was added to the aws-sdk-go in v1.37.0.

Main.tf might contain

#update to required_providers at some point
provider "aws" {
  region                  = "us-east-1"
  version                 = "~> 3.36"
  allowed_account_ids     = ["XXXXXXXXXXXX"]
  skip_metadata_api_check = false

}

terraform {
  backend "s3" {
    bucket                  = "XXXX"
    key                     = "tfstate/xxxx.tfstate"
    region                  = "us-east-1"
    skip_metadata_api_check = false
  }
}

my ~/.aws/config might look like

[profile AWS_SSO_PROFILE_NAME]
sso_start_url = https://d-XXXXXXXXX.awsapps.com/start/
sso_region = us-east-1
sso_account_id = 123456789012
sso_role_name = AdministratorAccess
region = us-east-1
output = json

Then run
AWS_PROFILE=AWS_SSO_PROFILE_NAME terraform [init | apply | etc]

Attempted Solutions

Not currently possible

Proposal

Would it be possible to bump the version of aws-sdk-go in the latest versions of Terraform 0.12 and 0.13 to v1.37.2 or higher, which would transparently add this capability?

References

Feature added to aws-sdk-go

aws/aws-sdk-go#3755

bugfix

aws/aws-sdk-go#3769

Blogpost:

https://aws.amazon.com/blogs/developer/aws-sso-support-in-the-aws-sdk-for-go/

[life360-vinny]

#28394
Ready for merge (v0.13)

[life360-vinny]

#28398
Ready for merge (v0.12)

[life360-vinny]

#28399
Ready to merge (v0.14)

[life360-vinny]

@bflad this looks related to the PR you merged last month:
#27620

And closes the following bug for current users:
aws/aws-sdk-go#3769

[life360-vinny]

#28400

[apparentlymart]

Hi @life360-vinny! Thanks for working on these.

Terraform v0.12 and v0.13 are no longer actively maintained, so we will not change the SDK version in those old releases.

v0.14 is still in support but with v0.15 now released we will typically only backport bug fixes to it, and not new features such as this.

If this AWS SDK update doesn't include any changes that would change behavior of existing configurations then we would likely accept it for v0.15, although it would need to be merged into the main branch first and then we'd backport it separately from there.

With all of that said, would you mind making sure there's only one PR for this targeting the main branch and close all of the others? We'll still need to do some analysis to understand the risk of backporting this into the v0.15 line (vs. waiting for the next major release) but we'd leave that up to the judgement of the AWS provider team, since they are more familiar with the implications of AWS SDK upgrades than the Terraform Core team is.

Thanks again!

[b-dean]

I wish you'd update to at least v1.38.42 so you can get the fix that allows you to have sso and credential_process in the same profile. See aws/aws-sdk-go#3763 and aws/aws-sdk-go#3905

[gdavison]

Starting with version 1.6 of Terraform, the S3 backend will be using the AWS SDK for Go v2.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.