I cannot find a way to add role_arn to my GitLab CI/CD pipeline. I currently add it as below:
variables:
  TF_ROOT: "/builds/*companyname*/aws/Live"
  ROLE: role_arn_live
  AWS_DEFAULT_REGION: "eu-west-1"
This is the error I get in the build phase of the pipeline:
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
$ terraform plan -out=tfplan
Planning failed. Terraform encountered an error while generating this plan.
╷
│ Error: No valid credential sources found
│
│ with provider["registry.terraform.io/hashicorp/aws"],
│ on main.tf line 2, in provider "aws":
│ 2: provider "aws" {
However, if I use my IAM user access key, secret key and session token, the build step works perfectly. AWS states it is best to use temporary credentials, which is why I went down the OIDC route. The link can be found here: https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
This is the script. I know Terraform is being phased out in GitLab v18.0, but I would ideally like to get this working using the Terraform template, and I can research OpenTofu later.
include:
  - template: Terraform/Base.gitlab-ci.yml

variables:
  TF_ROOT: "/builds/*companyname*/aws/Live"
  AWS_ACCESS_KEY: $AWS_ACCESS_KEY
  AWS_SECRET_KEY: $AWS_SECRET_KEY
  AWS_DEFAULT_REGION: "eu-west-1"

stages:
  - validate
  - test
  - build
  - deploy
  - cleanup

fmt:
  extends: .terraform:fmt
  needs: []
  script:
    - cd ${TF_ROOT}
    - terraform fmt -check -recursive

validate:
  extends: .terraform:validate
  needs: []
  script:
    - cd ${TF_ROOT}
    - terraform init
    - terraform validate

build:
  extends: .terraform:build
  script:
    - cd ${TF_ROOT}
    - terraform init
    - terraform plan -out=tfplan

deploy:
  extends: .terraform:deploy
  dependencies:
    - build
  script:
    - cd ${TF_ROOT}
    # apply the saved plan non-interactively; a bare `terraform apply` would wait for approval on stdin and fail in CI
    - terraform apply -auto-approve tfplan
  environment:
    name: $TF_STATE_NAME
Using the below script I can retrieve temporary credentials from AWS:
variables:
  TF_ROOT: "/builds/*companyname*/aws/Live"
  ROLE: ${ROLE_ARN_LIVE}
  AWS_DEFAULT_REGION: "eu-west-1"

stages:
  - validate
  - test
  - build
  - deploy
  - cleanup

fmt:
  extends: .terraform:fmt
  needs: []
  script:
    - cd ${TF_ROOT}
    - terraform fmt -check -recursive

validate:
  extends: .terraform:validate
  needs: []
  script:
    - cd ${TF_ROOT}
    - terraform init
    - terraform validate

build:
  extends: .terraform:build
  script:
    - cd ${TF_ROOT}
    - terraform init
    - terraform plan -out=tfplan

deploy:
  extends: .terraform:deploy
  dependencies:
    - build
  script:
    - cd ${TF_ROOT}
    - terraform apply -auto-approve tfplan
  environment:
    name: $TF_STATE_NAME
I tried to merge the scripts but I kept getting 'No AWS credentials found'.
I tried merging the two scripts so the CI/CD pipeline can use the temporary credentials, but this did not work.
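The part that is missing from the pipelines above is the step that turns the GitLab ID token into AWS credentials and hands them to Terraform. Setting a `ROLE` variable on its own does nothing: the AWS provider only looks at the standard credential sources, i.e. the environment variables `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` (or a shared credentials file, an assume-role block, an instance profile, and so on). The following `.gitlab-ci.yml` fragment is an added example, not the asker's configuration or the GitLab template's own code. It assumes a CI/CD variable `ROLE_ARN_LIVE` holding the IAM role ARN, an audience `https://gitlab.example.com` that matches the OIDC identity provider registered in IAM, a placeholder `TF_ROOT` path, and a job image that contains the `aws` CLI (the default image of the Terraform template may not; override `image:` if needed). Everything else is a real GitLab CI keyword or predefined variable.

```yaml
include:
  - template: Terraform/Base.gitlab-ci.yml

variables:
  TF_ROOT: "/builds/<companyname>/aws/Live"   # placeholder: path to the Terraform root module
  AWS_DEFAULT_REGION: "eu-west-1"
  ROLE_ARN: $ROLE_ARN_LIVE                    # assumed CI/CD variable holding the IAM role ARN

# Hidden job: mint a GitLab ID token (JWT) for this job and exchange it with STS
# for short-lived role credentials. Every Terraform job that talks to AWS extends it,
# so `terraform plan`/`apply` find credentials in the variables the AWS provider reads.
.aws-oidc:
  id_tokens:
    GITLAB_OIDC_TOKEN:
      aud: https://gitlab.example.com        # assumed audience; must match the IAM identity provider and trust policy
  before_script:
    - >
      CREDS=$(aws sts assume-role-with-web-identity
      --role-arn "${ROLE_ARN}"
      --role-session-name "gitlab-${CI_PROJECT_ID}-${CI_PIPELINE_ID}"
      --web-identity-token "${GITLAB_OIDC_TOKEN}"
      --duration-seconds 3600
      --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'
      --output text)
    # exports in before_script persist into script, because GitLab runs both in one shell
    - export AWS_ACCESS_KEY_ID=$(echo "$CREDS" | cut -f1)
    - export AWS_SECRET_ACCESS_KEY=$(echo "$CREDS" | cut -f2)
    - export AWS_SESSION_TOKEN=$(echo "$CREDS" | cut -f3)
    # sanity check: the ARN printed should be the assumed role session, not an IAM user
    - aws sts get-caller-identity

build:
  extends:
    - .terraform:build
    - .aws-oidc
  script:
    - cd ${TF_ROOT}
    - terraform init
    - terraform plan -out=tfplan

deploy:
  extends:
    - .terraform:deploy
    - .aws-oidc
  dependencies:
    - build
  script:
    - cd ${TF_ROOT}
    - terraform init
    - terraform apply -auto-approve tfplan
  environment:
    name: $TF_STATE_NAME
```

Two things have to line up on the AWS side for `assume-role-with-web-identity` to succeed: the IAM OIDC identity provider must be registered for the GitLab instance URL with the same audience value used under `id_tokens`, and the role's trust policy must allow `sts:AssumeRoleWithWebIdentity` from that provider, ideally with a condition on the token's `sub` claim so that only this project (and, if you want, only protected branches) can assume the role. The credentials obtained this way expire after the requested duration and never have to be stored as CI/CD variables, which is the point of the OIDC route over long-lived access keys; if the `aws sts get-caller-identity` line still shows an IAM user or fails with a credentials error, the exchange step, not Terraform, is where to look.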