I've split my pulumi program into two parts: "base", where I create a new AWS account including a new user in our organization and "actual" where I create the resources. base has the access key ID and secret access key as output.
I'm importing base as a StackReference in "actual" and want to configure the default aws provider with these credentials.
Is this possible?
01/14/2024, 6:18 AM
I'm not 100% if its possible or not, but you definitely should not pass around AWS creds like this.
01/14/2024, 6:21 AM
Can you elaborate? Pulumi prides itself with secrets as a first class citizen - why not use them?
(but even if "base" would store them in a key vault from where "actual" reads them, the question remains the same: How to configure the default / implicit provider at runtime?)
01/16/2024, 11:09 PM
I believe you'll need to create an explicit provider in order to do what you're seeking.