Hi, I’m defining all providers dynamically. On our local laptops we want to utilise AWS Profiles (via SSO). In our CI/CD pipeline (thinking about using the Kubernetes Operator for GitOps) we want to use role assumption. Anyone got any pointers in how to make the difference in a good way? Because I think all the provider settings are always stored in the state and it would mean it the state would always “bounce” between profile and a role arn which would pollute the activity

We use SSO profiles locally and role assumption in our CI (GitLab CI). We don't have any issues with the activity pollution you mention in most of our apps, however there have been a couple where we dynamically create providers and that did cause pollution in the activity due to profile changes. To remedy this we added

ignoreChanges: [‘profile’]

to the provider resource we were creating. Hope this helps?

We do something similar but our solution is to do the role assumption in ~/.AWS/config profiles. So long as our ultimate profiles have the same name in both cases, our source can be used unchanged.

Thanks both! Ill try both out later on 🙂