Using workload identity provider in AWS without IMDBS

[wellsiau-aws]

Description

I found that the hcp_iam_workload_identity_provider is very cool and allows me to reduce the number of secret zero that I need to handle. Especially when playing with demo / sandbox in my own dev environment / local.

Can we use the workload identity provider without relying on IMDBS to fetch detail such as the AWS region and role name?

I think it would be helpful to understand all environment variables that hcp provider expect to fetch when using credentials.json file.

For example, I was able to workaround the error below by exporting the AWS_REGION env vars.

Error: unable to create HCP api client: no valid credentials available: failed to get new token: failed retrieving AWS region from metadata endpoint: Get "http://169.254.169.254/latest/meta-data/placement/region": context deadline exceeded

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment