https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# getting-started
s
This message was deleted.
e
I can run and configure aws on my client, but I thought esc is there to avoid storing those credentials in my local.
f
Hey @enough-shoe-73030! Have you imported your ESC environment into your Pulumi config file? You can take a look at this guide for an example.
e
Hi @fierce-night-38522, thanks for the link. I tried to follow that guidline, which section is exactly about importing ESC to Pulumi config?
f
It's the "Integrating with Pulumi IaC" section (if you click the above link it will take you right to it). You'll basically want to make sure you have added in your ESC file a second level key named 
pulumiConfig
and add your AWS environment variables underneath that:
Copy code
values:
  pulumiConfig:
    AWS_ACCESS_KEY_ID: ${aws.login.accessKeyId} //etc
and then in your Pulumi config file you want to add a top level key named 
environment
and provide the name of your environment underneath that
Copy code
environment:
  - <your-environment-name-here>
e
I see, I'll try it. thanks
f
no problem!
@enough-shoe-73030 Just a quick follow up to correct myself, the AWS environment variables in the ESC environment file should be defined under the 
environmentVariables
second level key and not the `pulumiConfig`:
Copy code
values:
  aws:
    login:
      fn::open::aws-login:
        oidc:
          duration: 1h
          roleArn: <your-role-arn>
          sessionName: esc-session
  environmentVariables:
    AWS_ACCESS_KEY_ID: ${aws.login.accessKeyId}
    AWS_SECRET_ACCESS_KEY: ${aws.login.secretAccessKey}
    AWS_SESSION_TOKEN: ${aws.login.sessionToken}
1
e
thanks alot I
👍🏾 1
I will update the result here
👍🏾 1
@fierce-night-38522, my ESC env ( called '`esc-dev`') is like this:
Copy code
values:
  aws:
    login:
      fn::open::aws-login:
        oidc:
          duration: 1h
          roleArn: <XYZ>
          sessionName: pulumi-environments-session
  environmentVariables:
    AWS_ACCESS_KEY_ID: ${aws.login.accessKeyId}
    AWS_SECRET_ACCESS_KEY: ${aws.login.secretAccessKey}
    AWS_SESSION_TOKEN: ${aws.login.sessionToken}
and 
esc run  reetl/esc-dev -i aws s3 ls
works perfectly. Now: 1. created a new Pulumi project/stack using this command: 
pulumi new aws-python
( named '`dev`') which created following files : ( 
Pulumi.yaml
and 
Pulumi.dev.yaml
) 2. no I'm trying to run 
Pulumi up
without need for having aws credential stored in my laptop. just using ESC . what is the next step here ? ( how do I connect ESC to Pulumi IaC? )
f
In the 
Pulumi.dev.yaml
file add the following:
Copy code
environment:
  - esc-dev
This is telling Pulumi IaC to import your ESC environment file into this configuration file.
e
I did and still getting the same error
ah. type there
but still getting error : unable to validate AWS credentials. Details: No valid credential sources found. Please see https://www.pulumi.com/registry/packages/aws/installation-configuration/ for more information about providing credentials.
f
And just to double check, was your Pulumi program created in the same Organization as your ESC environment file? (e.g. 
reetl
)
1
e
yes.
BTW the document here says 
environment*s*
not 
environment
( s at the end)
f
Have you tried it with 
environments
?
e
i tried both.
in other doc it says without "s" :
f
Thank you for pointing that out! We'll make sure to update the docs so that they are aligned. In my current IDE it is working with 
environment
. Let me see if I can try to reproduce
e
yes, now it's working without 's'.
awesome!
🙌🏾 1
I understand ESC is new, right? would be great to have an easy to understand guide for the integration with Pulumi IaC
👍🏾 1
f
Thank you for the feedback! We are currently working on adding content that will make this a lot clearer
🙌 1
e
awesome!
f
Would you mind sharing the link to the page that showed 
environments
? We will work on getting that updated asap
e
homepage of 
Environments
menu : https://app.pulumi.com/<XYZ>/esc
🙌🏾 1
5 Views
Open in Slack
PreviousNext
Powered by