Company:
Date Published:
Author: Tu Nguyen
Word count: 207
Language: English
Hacker News points: None

Summary

Vault-generated dynamic credentials can be used to provision infrastructure: long-lived AWS credentials are stored in Vault's AWS Secrets Engine, and Terraform's Vault provider is used to generate short-lived, appropriately scoped credentials. This approach eliminates the need for direct access to secrets, and it lets operators manage permissions by modifying a Vault role's policy instead of managing static, long-lived secrets of varying scope. With this method, developers can securely provision resources in AWS without compromising either their security or their freedom as developers.