I’m struggling to set up a certificate for a Cloudfront distribution. Firstly, it’s not clear from the documentation that the certificate needs to be in

us-east-1

. The table here: https://www.pulumi.com/registry/packages/aws/api-docs/cloudfront/distribution/#distributionviewercertificate …says that it’s necessary if you are setting

acm_certificate_arn

, but I’m setting

iam_certificate_id

where it doesn’t state that requirement. Once I figured that out, I’m drawing a blank on how to get this done. I read this article here, which made it seem simple: https://www.pulumi.com/blog/deploy-to-multiple-regions/ So I just create a region and pass it in to the resources I want to create in the other region, right? Well when I do that, I get:

error: unable to validate AWS credentials. Make sure you have:

• Set your AWS region, e.g. `pulumi config set aws:region us-west-2`

pulumi refresh

works fine, though, so it’s not a credentials issue as far as I can see. I’ve tried removing the region from the Pulumi config, from the AWS config, I’ve tried manually passing in the primary region to all my other resources… no matter what I do, as soon as I try to use the approach from the article, it stops me from getting anywhere at all. What am I missing? Edit: Figured it out. When you create a provider with

Provider('foo', region='us-east-1')

, it discards any other configuration. So if you are using a non-default AWS profile, then you end up using a completely different profile and you need to use

Provider('foo', region='us-east-1', profile='bar')

instead.