
flat-insurance-25294

01/25/2020, 3:52 AM
Hmm, is there a way to use STS or assume role instead of a pretty permissive Role with access token for CI? It would be cool to support https://github.com/99designs/aws-vault

white-balloon-205

01/25/2020, 4:36 AM
Yep - Pulumi should already work with that tool.

flat-insurance-25294

01/25/2020, 4:37 AM
You sure? Because it no longer uses the access token in .aws/ etc.

white-balloon-205

01/25/2020, 4:48 AM
I haven’t tried it myself - but it sets the environment variables that Pulumi reads: https://github.com/99designs/aws-vault/blob/master/README.md#security.

flat-insurance-25294

01/25/2020, 4:49 AM
Right, so our CI would have to execute aws-vault before running pulumi up. I wonder how that works with GitHub Actions.