wooden-action-47328
03/06/2024, 5:21 PMwooden-action-47328
03/06/2024, 5:24 PMPulumi.yaml
references that bucket and aws profile. But if I want to put staging and production in two different AWS accounts, how do I arrange things to do that? Can the Pulumi.<stack>.yaml
files have their own backend url config attributes?wooden-action-47328
03/06/2024, 5:24 PMlittle-cartoon-10569
03/06/2024, 7:51 PMlittle-cartoon-10569
03/06/2024, 7:52 PMCan the Pulumi.<stack>.yaml files have their own backend url config attributes?No. The backend for the project is configured in the project. All the stack metainfo is stored in the one place. All the resources in the stacks can be in any account. There is no requirement for the Pulumi information to be stored anywhere near the resources.
wooden-action-47328
03/06/2024, 7:54 PMlittle-cartoon-10569
03/06/2024, 7:55 PMaws.Provider
as you need, and pass them to the resources as you construct them.
https://www.pulumi.com/registry/packages/aws/api-docs/provider/little-cartoon-10569
03/06/2024, 7:56 PMwooden-action-47328
03/06/2024, 7:56 PMlittle-cartoon-10569
03/06/2024, 7:56 PMlittle-cartoon-10569
03/06/2024, 7:56 PMlittle-cartoon-10569
03/06/2024, 7:57 PMwooden-action-47328
03/06/2024, 7:57 PMlittle-cartoon-10569
03/06/2024, 7:57 PMlittle-cartoon-10569
03/06/2024, 7:58 PMlittle-cartoon-10569
03/06/2024, 7:58 PMwooden-action-47328
03/06/2024, 8:00 PMbackend
attribute in Pulumi.yaml, which specifies a named aws role profile to use for the connectionlittle-cartoon-10569
03/06/2024, 8:00 PMwooden-action-47328
03/06/2024, 8:00 PMlittle-cartoon-10569
03/06/2024, 8:00 PMWe’re using the backend attribute in Pulumi.yaml, which specifies a named aws role profile to use for the connectionThat's the configuration defining where to store the Pulumi state. It's not the configuration used to deploy the actual resources.
wooden-action-47328
03/06/2024, 8:00 PMlittle-cartoon-10569
03/06/2024, 8:01 PMaws.Provider
, or the default AWS provider if you're not specifying that..little-cartoon-10569
03/06/2024, 8:01 PMwooden-action-47328
03/06/2024, 8:02 PMlittle-cartoon-10569
03/06/2024, 8:03 PMlittle-cartoon-10569
03/06/2024, 8:03 PMwooden-action-47328
03/06/2024, 8:04 PMlittle-cartoon-10569
03/06/2024, 8:09 PMwooden-action-47328
03/06/2024, 8:10 PMlittle-cartoon-10569
03/06/2024, 8:13 PMlittle-cartoon-10569
03/06/2024, 8:15 PMlittle-cartoon-10569
03/06/2024, 8:16 PMwooden-action-47328
03/06/2024, 8:16 PMlittle-cartoon-10569
03/06/2024, 8:17 PMwooden-action-47328
03/06/2024, 8:18 PMlittle-cartoon-10569
03/06/2024, 8:18 PMlittle-cartoon-10569
03/06/2024, 8:19 PMwooden-action-47328
03/06/2024, 8:19 PMlittle-cartoon-10569
03/06/2024, 8:21 PMwooden-action-47328
03/06/2024, 8:22 PMlittle-cartoon-10569
03/06/2024, 8:22 PMlittle-cartoon-10569
03/06/2024, 8:22 PMlittle-cartoon-10569
03/06/2024, 8:23 PMwooden-action-47328
03/06/2024, 8:23 PMlittle-cartoon-10569
03/06/2024, 8:23 PMpulumi:disable-default-providers:
- aws
little-cartoon-10569
03/06/2024, 8:24 PMwooden-action-47328
03/06/2024, 8:24 PMlittle-cartoon-10569
03/06/2024, 8:25 PMwooden-action-47328
03/06/2024, 8:25 PMlittle-cartoon-10569
03/06/2024, 8:26 PMfunction createS3Bucket(bucketName: string, provider: aws.Provider): aws.s3.Bucket {
return new aws.s3.Bucket(bucketName, {
bucket: bucketName,
acl: "private",
}, { provider: provider});
}
little-cartoon-10569
03/06/2024, 8:28 PMwooden-action-47328
03/06/2024, 8:30 PMwooden-action-47328
03/06/2024, 8:32 PMwooden-action-47328
03/06/2024, 8:36 PMlittle-cartoon-10569
03/06/2024, 8:38 PMpulumi destroy
on the old branch and pulumi up
on the new branch, then merge. If that's appropriate for your use case.little-cartoon-10569
03/06/2024, 8:40 PMlittle-cartoon-10569
03/06/2024, 8:43 PMwooden-action-47328
03/06/2024, 8:44 PMlittle-cartoon-10569
03/06/2024, 8:44 PMwooden-action-47328
03/06/2024, 8:45 PMlittle-cartoon-10569
03/06/2024, 8:45 PMlittle-cartoon-10569
03/06/2024, 8:46 PMlittle-cartoon-10569
03/06/2024, 8:49 PMlittle-cartoon-10569
03/06/2024, 8:50 PMlittle-cartoon-10569
03/06/2024, 8:51 PMaws
command, so there is a weakness: someone could replace that command with one that returns valid fake details, which could cause us to deploy to the wrong place.little-cartoon-10569
03/06/2024, 8:51 PMlittle-cartoon-10569
03/06/2024, 8:53 PMwooden-action-47328
03/06/2024, 9:01 PMssoProfileName
?wooden-action-47328
03/06/2024, 9:01 PMlittle-cartoon-10569
03/06/2024, 9:57 PMlittle-cartoon-10569
03/06/2024, 9:58 PMwooden-action-47328
04/08/2024, 5:39 PMsalmon-account-74572
04/08/2024, 7:03 PMAWS_PROFILE
environment variable (say, using something like direnv
) in the Pulumi project directory.wooden-action-47328
04/08/2024, 8:09 PMwooden-action-47328
04/08/2024, 8:10 PMlittle-cartoon-10569
04/08/2024, 8:13 PMlittle-cartoon-10569
04/08/2024, 8:14 PMIf not set, the default profile created with aws configure will be used.I read that as: the profile property trumps the non-Pulumi configuration. If profile isn't set, then use whatever's documented by AWS.
wooden-action-47328
04/08/2024, 8:18 PMwooden-action-47328
04/08/2024, 8:19 PMsalmon-account-74572
04/08/2024, 8:20 PMwooden-action-47328
04/08/2024, 8:23 PMsalmon-account-74572
04/08/2024, 8:27 PMwooden-action-47328
04/08/2024, 8:28 PMwooden-action-47328
04/08/2024, 8:29 PMwooden-action-47328
04/08/2024, 8:29 PMsalmon-account-74572
04/08/2024, 8:47 PMcuddly-journalist-77210
04/13/2024, 10:53 AMwooden-action-47328
04/13/2024, 9:59 PMwooden-action-47328
04/13/2024, 10:00 PMaws configure
will be used.“, which is not terribly helpful.cuddly-journalist-77210
04/14/2024, 8:07 AMcuddly-journalist-77210
04/14/2024, 8:09 AMwooden-action-47328
04/14/2024, 3:57 PM