No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

<@UL4P336N6> Depends. It works using `aws-vault` which sets the temporary credentials in the correct environment variables what the `aws-sdk-go` expects.

Cool thats what I thought, just wanted to doublecheck

If you use the AWS CLI, you best set a named profile in the config file <https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html> &amp; reference this profile either via `AWS_PROFILE` env or `pulumi config set aws:profile` (see <https://www.pulumi.com/docs/get-started/aws/configure/>).

The JSON output from `aws sts assume-role` must be put in the correct environment variables, though: <https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html>

Al of the above works - but note that you can also do something like <https://github.com/pulumi/examples/blob/master/aws-ts-assume-role/assume-role/index.ts|https://github.com/pulumi/examples/blob/master/aws-ts-assume-role/assume-role/index.ts> to directly assume a role without the need for external tools. 

Would Pulumi also prompt for the MFA code?