https://pulumi.com
Join Slack
Hi everyone, I'm using Pulumi with the Automation API and running it in AWS CodeBuild and locally. I...
# getting-started
d
Hi everyone, I'm using Pulumi with the Automation API and running it in AWS CodeBuild and locally. I want to authenticate Pulumi with AWS without using 
AWS_ACCESS_KEY_ID
and 
AWS_SECRET_ACCESS_KEY
. I know that AWS CodeBuild has an IAM role, but how do I ensure Pulumi picks it up? Also, for local development, what is the best practice—AWS profiles, AWS SSO, or something else?
b
The IAM role should just get used if its available. For local dev, AWS SSO is the correct way https://leebriggs.co.uk/blog/2022/09/05/authenticating-to-aws-the-right-way
h
Yep... I set the 
AWS_PROFILE
env var when running pulumi commands. This way the same pulumi code will work in both places / anywhere
d
I run it from AWS Code Build but i get error: 
Command failed with exit code 255: pulumi up --yes --skip-preview --message Executed from codebuild --refresh --diff --parallel 1 --client=127.0.0.1:33929 --exec-kind auto.inline --stack platform-iac-bastion-role --non-interactive
621
error: pulumi:providers:aws resource 'default_6_56_0' has a problem: No valid credential sources found.
b
can you run 
aws sts get-caller-identity
before pulumi and see if you have a valid iam role
d
its also for Pulumi cloud? i have valid iam role and ful access but i get error
What is the best practice in Pulumi Cloud?
6 Views
Open in Slack
PreviousNext
Powered by

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Powered by