Using only the default AWS provider, is it possibl...
# aws
Using only the default AWS provider, is it possible to use one set of creds for accessing my S3 backend, and a different set for my project? I've set AWS_PROFILE, then
pulumi login -c s3://....
, now I'd like to switch to a different profile to run the Pulumi code. Can I say "use this profile to access the state and whatever is in AWS_PROFILE for running the project"?
I'm looking for the equivalent of this Terraform configuration:
Copy code
terraform {
  backend "s3" {
    bucket = "bucket-in-another-account"
    role_arn = "arn:aws:iam::other-account-id:role/role-in-other-account-with-access-to-bucket"
Yes, you’re referring to using multiple AWS provider instances, see this discussion:
Yes, that is a solution, unfortunately it doesn't avoid my current problem. I've already deployed everything using the default provider. If I change from the default provider to an explicit provider pointing at the same account with the same creds, it wants to tear everything down and recreate them. That's my VPC, RDS, DB, AD, my EC2 instances.. it would be destructive. And there's all the extra work on the side, updating keys in vaults etc. I want to be able to use one provider for the backend, and a different provider that I don't pass into resources via the
opts property. Which is what the Terraform code above achieves.