AWS permission delegation now generally available in HCP Terraform

AWS temporary permission delegation for HCP Terraform is now generally available, enabling organizations to streamline their AWS setup while maintaining strict security and governance guardrails.

As organizations increasingly rely on automation tools like HCP Terraform to manage their AWS infrastructure, the complexity of configuring and securing their environments continues to grow. Operating at scale requires a faster, more consistent way to establish secure access without adding operational overhead. Through continuous co-innovation with AWS, HashiCorp has integrated a new access model directly with HCP Terraform’s dynamic provider credentials, simplifying cloud onboarding and securing infrastructure operations. With this approach, teams can reduce configuration burden by streamlining the steps required across IAM and networking to begin provisioning infrastructure quickly and securely.

This blog explores how an AWS delegation model can simplify this process by allowing customers to temporarily and securely delegate a subset of IAM permissions to trusted partners like HashiCorp. By enabling HCP Terraform to perform required setup steps on the customer’s behalf, organizations can reduce configuration burden, accelerate time to first deployment, and maintain strong security and governance controls.

AWS temporary permission delegation

At re:Invent 2025, AWS introduced IAM temporary permission delegation, enabling a just-in-time (JIT) delegation model for access. This capability allows customers to grant trusted partners short-lived, customer-approved access to automate onboarding and configuration of AWS services. Instead of relying on permanent permissions, organizations can grant ephemeral access to delegate a scoped set of IAM permissions for specific, time-bound tasks. This ensures partners act as temporary, controlled guests for approved tasks with customer-defined guardrails.

As a launch partner, HashiCorp integrated this capability into HCP Terraform’s dynamic provider credentials, which provide temporary, time-bound credentials generated on demand for each Terraform workload. Together, these capabilities enable the automated setup of IAM roles, permissions boundaries, and provider authentication with minimal manual configuration.

Set up AWS dynamic credentials with temporary IAM delegation.

View a list of configured AWS dynamic credentials in your workspace.

Getting started

With this integration, organizations can simplify onboarding for AWS services, reduce configuration errors, and accelerate time-to-value while maintaining strict control over permissions. This capability is now available in HCP Terraform and coming soon to Terraform Enterprise. Please refer to Terraform’s dynamic provider credentials documentation for details on getting started.

If you are new to Terraform, you can get started with HashiCorp-managed HCP Terraform for free to begin provisioning and managing your infrastructure in any environment. And don’t forget to link your HCP Terraform and HashiCorp Cloud Platform (HCP) accounts for a seamless sign-in experience.
