magnificent-pillow-80370
04/19/2023, 3:25 PMsteep-toddler-94095
04/19/2023, 5:20 PMroleToAssumeARN
in your stack config https://github.com/pulumi/examples/blob/68631508e6ed42fc28a32f8d0ca7af913bdffe51/aws-py-assume-role/assume-role/__main__.py#L7magnificent-pillow-80370
04/20/2023, 11:50 AMrole_arn = "arn:aws:iam::123456789:role/role_name"
# Create a new AWS provider that uses the assumed role
aws_provider = Provider("custom", region="us-east-1", assume_role={"role_arn": role_arn,
"session_name": "session_name"})
sts_client = boto3.client("sts")
# Assume the role and get the credentials
assumed_role = sts_client.assume_role(RoleArn=role_arn,
RoleSessionName="pulumi_role_session",
)
# Set assumed role credentials
assumed_role_credentials = assumed_role["Credentials"]
# Create the AWS provider with temporary credentials
aws_provider = aws.Provider("temp_creds_provider",
access_key=assumed_role_credentials["AccessKeyId"],
secret_key=assumed_role_credentials["SecretAccessKey"],
token=assumed_role_credentials["SessionToken"],
region="us-east-1",
)