# aws

red-appointment-82154

12/22/2023, 7:33 AM
hey folks, is it possible to create resources in another account using an existing cross account role with pulumi? i tried looking into providers but couldn't get it to work

great-sunset-355

12/22/2023, 3:34 PM
Create a provider with `assumeRole`: https://www.pulumi.com/registry/packages/aws/api-docs/provider/
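```typescript
// name, roleArnToAssume and parent are defined by the surrounding code.
this.provider = new aws.Provider(
  name,
  {
    // Role in the target account that the provider assumes
    assumeRole: {
      roleArn: roleArnToAssume,
      sessionName: "PulumiSession",
      externalId: "PulumiApplication",
    },
    region: aws.config.requireRegion(),
    skipCredentialsValidation: true,
  },
  { parent }
);
```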

ambitious-lion-49640

01/03/2024, 3:39 PM
I'm having the same issue right now.
For Python, I fixed it by doing this:
```python
import pulumi_aws as aws

# prefix is defined elsewhere in the program.
test_provider = aws.Provider(
    "testprovider",
    assume_role=aws.ProviderAssumeRoleArgs(
        role_arn="arn:aws:iam::<awsaccount>:role/test-role",
        session_name="PulumiSession",
    ),
    # assume_role={
    #     "role_arn": "arn:aws:iam::<awsaccount>:role/test-role",
    #     "session_name": "PulumiSession",
    #     # "externalId": "PulumiApplication",
    # },
    region="us-east-1",
    default_tags={"tags": {"created-by": prefix}},
)
```
I used aws.ProviderAssumeRoleArgs instead of just an object like in the commented out piece.