sparse-intern-71089
12/16/2023, 2:48 PM
Does Pulumi have a good way to manage cross-account AWS Secrets Manager secrets?

gifted-balloon-26385
12/16/2023, 7:20 PM
If you follow the OIDC docs to set up AWS Secrets Manager support, you can just rinse and repeat for roles on all your accounts, e.g.:
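```yaml
values:
  aws:
    # One OIDC login per AWS account; each account has its own esc-oidc role.
    acct1:
      fn::open::aws-login:
        oidc:
          roleArn: arn:aws:iam::111111111:role/esc-oidc
          sessionName: pulumi-environments-session
    acct2:
      fn::open::aws-login:
        oidc:
          roleArn: arn:aws:iam::999999999:role/esc-oidc
          sessionName: pulumi-environments-session
  secrets:
    # Each provider call sits under its own key; two fn::open::aws-secrets
    # entries directly under `secrets` would be duplicate mapping keys.
    acct1:
      fn::open::aws-secrets:
        region: us-west-1
        login: ${aws.acct1}
        get:
          api-key-acct1:
            secretId: api-key
    acct2:
      fn::open::aws-secrets:
        region: us-west-1
        login: ${aws.acct2}
        get:
          api-key-acct2:
            secretId: api-key
```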
(or you can split into separate envs)