AssumeRole when using Terraform on Azure DevOps to deploy to AWS

I need to get an Azure DevOps pipeline to run some Terraform that will (for now, just to get it working!) build an S3 bucket in AWS. This in itself would be pretty straightforward - except the service account first needs to assume a particular role before it will have the necessary permissions. There's an AWS Toolkit for Azure DevOps extension, where you can create an AWS service connection and give it the role to assume - but you can't select this type of service connection in the Terraform extension; it only seems to allow a simple client ID/secret type of account config.

Does anyone have any success stories with this?

Sean Jand asked Dec 01 '25 20:12


1 Answer

I'm answering my own question in the hopes it helps someone who is also struggling with this! It turns out it's actually pretty simple and I kinda wish it hadn't taken me a day to figure it out.

So, after some digging (and some more understanding of Terraform and how providers work), I found you can do this:

provider "aws" {
  region  = var.region
  assume_role {
    role_arn = var.assumed_role
  }
}

You throw this in your Terraform main and it takes care of assuming the role directly - just store this as a pipeline variable and pass it in at runtime.

Sean Jand answered Dec 03 '25 10:12
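A fuller version of the configuration in the answer above, as an added example that is not part of the original post: it declares the two variables, rejects a malformed role ARN at plan time, and outputs the identity Terraform ended up with so the pipeline log shows whether the role was actually assumed. The session name, the output name and the account ID in the error message are assumptions or placeholders; the role ARN can be supplied with `-var` or a `TF_VAR_assumed_role` environment variable.

```hcl
# Added example, not from the original answer. Names other than
# var.region and var.assumed_role are assumptions for illustration.

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

variable "region" {
  type        = string
  description = "AWS region to deploy into."
}

variable "assumed_role" {
  type        = string
  description = "ARN of the IAM role the pipeline's service account assumes."

  # Reject a malformed value at plan time rather than with an STS error mid-run.
  validation {
    condition     = can(regex("^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+$", var.assumed_role))
    # 123456789012 is a placeholder account ID, not a real one.
    error_message = "The assumed_role value must be an IAM role ARN such as arn:aws:iam::123456789012:role/example-role."
  }
}

provider "aws" {
  region = var.region

  # Base credentials come from the pipeline environment
  # (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY), never from this file.
  assume_role {
    role_arn = var.assumed_role
    # Hypothetical label; it appears in CloudTrail so pipeline activity is attributable.
    session_name = "azure-devops-terraform"
  }
}

# Reports the identity the provider is using after the role assumption.
data "aws_caller_identity" "current" {}

output "effective_identity_arn" {
  description = "Expected to be an assumed-role ARN for var.assumed_role, not the service account itself."
  value       = data.aws_caller_identity.current.arn
}
```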
