How are aws.Provider resources typically configure...
# pulumi-deploymentsl
little-cartoon-10569
01/18/2024, 12:33 AMHow are aws.Provider resources typically configured when supporting Pulumi Deployments? Does the default provider work? If I don't want to use the default provider, do I need to create an instance of aws.Provider using the default profile? The only snippet I can find that seems to describe how to do it is this bit at https://www.pulumi.com/docs/pulumi-cloud/oidc/aws/:
The fetched credentials are published in the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and AWS_SESSION_TOKEN environment variables.
little-cartoon-10569
01/18/2024, 12:36 AMI'm probably confusing myself because my project uses more than one aws.Provider, to deploy to different accounts / regions. I'm guessing that the only way to achieve this with Pulumi Deployments is to set up new Profiles that use source_role_arn, but if I do this, where are the profiles stored? There is no ~/.aws/config file.
little-cartoon-10569
01/18/2024, 12:37 AMPulumi ESC seems like the way around this, but I want to work on that separately, later; I'm doing a PoC on Pulumi Deployments, which needs to complete before I start the PoC on Pulumi ESC.
r
red-match-15116
01/18/2024, 12:46 AMDo your different providers use separate sets of credentials?
red-match-15116
01/18/2024, 12:47 AMWe have a project that does this but the credentials for account 1 assume a role in account 2
l
little-cartoon-10569
01/18/2024, 12:47 AMYes, at the moment. The current solution uses different AWS profiles, which use the same base creds.
little-cartoon-10569
01/18/2024, 12:49 AMI'd rather not have role assumption in code; the AWS profile solution is working nicely.
little-cartoon-10569
01/18/2024, 12:49 AMBut if that's the best solution, I can do that.
r
red-match-15116
01/18/2024, 12:49 AMYou could write the
~/.aws/configl
little-cartoon-10569
01/18/2024, 12:50 AMIs that available in Pulumi deployments? And can I set up pre-run commands using another project? I was reading about setting up Deployments via IaC just a few minutes ago... that'd be a good solution if it's valid.
r
red-match-15116
01/18/2024, 12:51 AMah yeah you should be able to write whatever files you need using prerun commands. and yes you can define your deployment settings using the pulumiservice provider
l
little-cartoon-10569
01/18/2024, 12:51 AMCool, then that'll be what I'll work on next 🙂 Thanks again!
r
red-match-15116
01/18/2024, 12:51 AMnp!