Inject secrets into your Terraform configuration. Use Vault-generated dynamic credentials to provision infrastructure.
Configure the AWS Secrets Engine in Vault through Terraform, then use the short-lived, Vault-generated, dynamic secrets to provision EC2 instances