Channels
#getting-started
Title
# getting-started
m
magnificent-pillow-80370
04/19/2023, 3:25 PManyone has issues assuming role in pulumi: https://github.com/pulumi/examples/blob/master/aws-py-assume-role/assume-role/__main__.py
s
steep-toddler-94095
04/19/2023, 5:20 PMdid you set
roleToAssumeARNm
magnificent-pillow-80370
04/20/2023, 11:50 AMI am passing role arn as the variable in the program:
Copy code
role_arn = "arn:aws:iam::123456789:role/role_name"
# Create a new AWS provider that uses the assumed role
aws_provider = Provider("custom", region="us-east-1", assume_role={"role_arn": role_arn,
"session_name": "session_name"})If I assume the role using sts and use it in aws provider, the code works fine. code doesn't work the way its mentioned in the example: https://github.com/pulumi/examples/blob/master/aws-py-assume-role/assume-role/__main__.py
Copy code
sts_client = boto3.client("sts")
# Assume the role and get the credentials
assumed_role = sts_client.assume_role(RoleArn=role_arn,
RoleSessionName="pulumi_role_session",
)
# Set assumed role credentials
assumed_role_credentials = assumed_role["Credentials"]
# Create the AWS provider with temporary credentials
aws_provider = aws.Provider("temp_creds_provider",
access_key=assumed_role_credentials["AccessKeyId"],
secret_key=assumed_role_credentials["SecretAccessKey"],
token=assumed_role_credentials["SessionToken"],
region="us-east-1",
)