Using static credentials in your Terraform Cloud workspaces to authenticate providers presents a security risk, even if you rotate your credentials regularly. Dynamic provider credentials improve your security posture by letting you provision new, temporary credentials for each run. They are generated on demand, as opposed to static credentials, which are defined ahead of time and shared. Dynamic credentials do not require manual rotation or revocation when they are no longer needed.

Our goal today is to set up and use Dynamic provider credentials, with AWS, for Terraform Cloud.