Using only the default AWS provider is it possible to use on Pulumi Community #aws

Using only the default AWS provider, is it possibl...

little-cartoon-10569

08/05/2020, 12:24 AM

Using only the default AWS provider, is it possible to use one set of creds for accessing my S3 backend, and a different set for my project? I've set AWS_PROFILE, then

pulumi login -c s3://....

, now I'd like to switch to a different profile to run the Pulumi code. Can I say "use this profile to access the state and whatever is in AWS_PROFILE for running the project"?

little-cartoon-10569

08/05/2020, 12:29 AM

Looks like the AWS SDK supports it: https://docs.aws.amazon.com/sdk-for-go/api/aws/session/

little-cartoon-10569

08/05/2020, 1:29 AM

I'm looking for the equivalent of this Terraform configuration:

Copy code

terraform {
  backend "s3" {
    bucket = "bucket-in-another-account"
    role_arn = "arn:aws:iam::other-account-id:role/role-in-other-account-with-access-to-bucket"
  }
}

millions-furniture-75402

08/05/2020, 1:03 PM

Yes, you’re referring to using multiple AWS provider instances, see this discussion: https://pulumi-community.slack.com/archives/C84L4E3N1/p1595517949114200

little-cartoon-10569

08/05/2020, 8:39 PM

Yes, that is a solution, unfortunately it doesn't avoid my current problem. I've already deployed everything using the default provider. If I change from the default provider to an explicit provider pointing at the same account with the same creds, it wants to tear everything down and recreate them. That's my VPC, RDS, DB, AD, my EC2 instances.. it would be destructive. And there's all the extra work on the side, updating keys in vaults etc. I want to be able to use one provider for the backend, and a different provider that I don't pass into resources via the

provider

opts property. Which is what the Terraform code above achieves.

6 Views

Open in Slack

Previous Next