This message was deleted Pulumi Community #getting-started

Join Slack

This message was deleted.

# getting-started

sparse-intern-71089

04/19/2023, 3:25 PM

This message was deleted.

steep-toddler-94095

04/19/2023, 5:20 PM

did you set

roleToAssumeARN

in your stack config https://github.com/pulumi/examples/blob/68631508e6ed42fc28a32f8d0ca7af913bdffe51/aws-py-assume-role/assume-role/__main__.py#L7

magnificent-pillow-80370

04/20/2023, 11:50 AM

I am passing role arn as the variable in the program:

Copy code

role_arn = "arn:aws:iam::123456789:role/role_name"
# Create a new AWS provider that uses the assumed role
aws_provider = Provider("custom", region="us-east-1", assume_role={"role_arn": role_arn,
                                                                   "session_name": "session_name"})

magnificent-pillow-80370

04/20/2023, 12:15 PM

If I assume the role using sts and use it in aws provider, the code works fine. code doesn't work the way its mentioned in the example: https://github.com/pulumi/examples/blob/master/aws-py-assume-role/assume-role/__main__.py

Copy code

sts_client = boto3.client("sts")

# Assume the role and get the credentials
assumed_role = sts_client.assume_role(RoleArn=role_arn,
                                      RoleSessionName="pulumi_role_session",
                                      )

# Set assumed role credentials
assumed_role_credentials = assumed_role["Credentials"]

# Create the AWS provider with temporary credentials
aws_provider = aws.Provider("temp_creds_provider",
                            access_key=assumed_role_credentials["AccessKeyId"],
                            secret_key=assumed_role_credentials["SecretAccessKey"],
                            token=assumed_role_credentials["SessionToken"],
                            region="us-east-1",
                            )

Open in Slack

Previous Next