#aws

proud-noon-87466

08/25/2023, 5:55 PM
What's the best way to return to a previous role in AWS? I am running a Pulumi script with this in the YAML config:
```yaml
aws:assumeRole:
    roleArn: arn:aws:iam:...
```
However, this role can't manage certain resources. I want to set up a new provider that uses my original privileged role to manage those resources. What's the best way to do that?

stocky-restaurant-98004

08/26/2023, 12:25 AM
`aws:assumeRole` will be the default provider. If you explicitly create another provider, you can set `assumeRole`:
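```typescript
import * as aws from "@pulumi/aws";

// Explicit provider with its own assumeRole setting, separate from the default provider
const awsProvider = new aws.Provider("explicit-provider", {
    assumeRole: {
        roleArn: "your-role-arn"
    },
});
```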
Ideally, you probably want a single role that can create resources in any account you want to use Pulumi with (with `FullAdmin` perms).
Alternatively, you may want to do a role per stack with perms to create anything that stack would involve.