Terratest Unable to Use Terraform Provider with Assume Role

[AnkitGithubSpace]

Describe the bug
I am facing an issue when attempting to use a Terraform provider with an assume_role configuration in Terratest. The same Terraform provider configuration works when running directly from the CLI (e.g., terraform init and terraform plan). However, when executing the same configuration via Terratest, the provider is unable to assume the role and throws an error.

To Reproduce

1. I am facing an issue when attempting to use a Terraform provider with an assume_role configuration in Terratest. The same Terraform provider configuration works when running directly from the CLI (e.g., terraform init and terraform plan). However, when executing the same configuration via Terratest, the provider is unable to assume the role and throws an error.
2. Test the Terraform configuration manually:

• Run terraform init and terraform plan successfully using the AWS provider.

3. Create a Terratest script to test the same Terraform configuration:

package test

import (
    "os"
    "testing"
    "github.com/gruntwork-io/terratest/modules/terraform"
)

func TestTerraformModule(t *testing.T) {
    t.Parallel()
    terraformOptions := &terraform.Options{
        TerraformDir: "../",
        Vars: map[string]interface{}{
            "some_variable": "some_value",
        },
        NoColor: true,
    }

    terraform.InitAndPlan(t, terraformOptions)
}

Expected behavior
The Terratest script should successfully execute terraform init and terraform plan while using the AWS provider configured with the assume_role block.

Nice to have

Versions

• Terratest version:
• Environment details (Ubuntu 20.04, Windows 10, etc.):

Additional context
Add any other context about the problem here.

[wakeful]

Hey, can you share an example of a provider "aws" block? I'm interested in how you are configuring permissions. I tried to replicate your issue, but maybe you have a more complex setup.

Do you have any specific permissions assigned to the role you are using for running terratest?

[AnkitGithubSpace]

provider "aws" {
region = "ap-southeast-1"
assume_role {
role_arn = "arn:aws:iam::123456790:role/test-STG"
session_name = "RunnerSession"
}
default_tags {
tags = {
"Portfolio" = "abc"
"Application" = "terratest"
}
}
}

[wakeful]

It looks like we have a matching setup. Can you confirm what permissions are bound to the AWS credentials you are using when running terratest? (before assume)

• Is it just an assume role?
• Does the trust policy on the IAM role arn:aws:iam::123456790:role/test-STG allow role assumption from the terratest role?

[AnkitGithubSpace]

I have running terratest in runner and runner have permission to assume the role (arn:aws:iam::123456790:role/test-STG) and also I have added the trust relationship on role (arn:aws:iam::123456790:role/test-STG)

[wakeful]

Can you check if my example test works for you? You just need to update the IAM role that terraform should assume here.