Problem
Terraform Cloud may fail during Drift Detection due to problems with authorization:
{:error=>"RestClient::SSLCertificateNotVerified", :id=>999999, :message=>"SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired)"}
Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: 88888888-3756-4753-96f6-8888888888, api error ExpiredToken: The security token included in the request is expired
{:exception=>"Faraday::SSLError", :message=>"SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired)"
Cause
Drift checks rely on a snapshot of the last successful run on a workspace. That snapshot may include credentials for downstream providers, and those credentials may have expired since that run.
Solution
For rotated credentials to be picked up by drift checks, you will need to start a new run with up-to-date credentials.
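The following Python example is added here and is not part of the original article. It checks error text for the expiry messages quoted above and builds the Terraform Cloud runs API request (POST /api/v2/runs) that queues a new run. The workspace ID ws-EXAMPLE, the TFC_TOKEN variable name and the run message are assumptions; update the workspace's provider credentials before sending the request.

```python
import json
import os
import re
import urllib.request

# Signatures taken from the error messages quoted in this article.
EXPIRY_SIGNATURES = {
    "expired_token": re.compile(r"api error ExpiredToken"),
    "expired_certificate": re.compile(
        r"certificate verify failed \(certificate has expired\)"),
}

def expiry_findings(error_text):
    """Return the sorted names of the expiry signatures found in error_text."""
    return sorted(n for n, rx in EXPIRY_SIGNATURES.items() if rx.search(error_text))

def build_run_request(workspace_id, token, host="app.terraform.io"):
    """Build, without sending, the request that queues a new run."""
    payload = {
        "data": {
            "type": "runs",
            # Assumed message text; any description works.
            "attributes": {"message": "Refresh credentials used by drift checks"},
            "relationships": {
                "workspace": {"data": {"type": "workspaces", "id": workspace_id}}
            },
        }
    }
    return urllib.request.Request(
        f"https://{host}/api/v2/runs",
        data=json.dumps(payload).encode(),
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/vnd.api+json"},
    )

# Constructed sample: the provider error from this article, shortened.
SAMPLE = ("Error: error configuring Terraform AWS Provider: error calling "
          "sts:GetCallerIdentity: api error ExpiredToken: The security token "
          "included in the request is expired")

if __name__ == "__main__":
    findings = expiry_findings(SAMPLE)
    print("expiry signatures:", findings)
    if findings:
        # ws-EXAMPLE and TFC_TOKEN are placeholders (assumptions).
        req = build_run_request("ws-EXAMPLE", os.environ.get("TFC_TOKEN", "<token>"))
        # Pass req to urllib.request.urlopen() to queue the run.
        print(req.get_method(), req.full_url)
```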