The AWS provider block should not contain hardcoded credentials. These can be passed in securely as runtime using environment variables.
Exposing the credentials in the Terraform provider increases the risk of secret leakage
Don’t include access credentials in plain text
The following example will fail the aws-misc-no-exposing-plaintext-credentials check.
The following example will pass the aws-misc-no-exposing-plaintext-credentials check.