Pulumi\folks, if anyone has a reference for a doc\example:
Howdy folks. Looking to understand authentication options for Pulumi’s cross account deployment ability. Could anyone point me to a good resource? Thinking about Pulumi running in a CodeBuild build project in a devops account, deploying resources into an app account.
01/23/2024, 1:15 AM
The answer depends on the cloud. I'm guessing it's AWS, since you mention CodeBuild?
The account you're running from isn't relevant. You need an AWS provider for the account you are deploying to, and its credentials are acquired in the normal ways you do from the command line.
There are many features to help manage credentials, but the first place to start is the documentation for the AWS provider: https://www.pulumi.com/registry/packages/aws/api-docs/provider/
Providers can be defined to be implicitly available to resources ("default" provider), or you can pass a provider to each resource as you construct it. This is how a single stack can create resources in multiple accounts: have a provider for each account/region combination, and pass the providers around.
01/23/2024, 4:18 PM
01/23/2024, 6:52 PM
There are many places on the Pulumi site and in their GitHub repos with more docs and good examples, but since it's such a wide area with lots of right answers, depending on your goal, use case and preferences, it's a bit risky to point at specific docs without knowing more. Search the Pulumi site, use google, and come back with more questions 🙂