https://pulumi.com logo
#aws
Title
# aws
m

millions-umbrella-34765

09/15/2020, 6:47 PM
Is pulumi able to work with AWS profiles that use source_profile and role_arn? We have several AWS accounts so I have credentials for one account and cofigure cross-account access to other accounts. so I have an .aws/config that contains like
Copy code
[profile is-signin]

[profile myprofile]
output=json
region=us-east-1
source_profile=is-signin
role_arn=arn:aws:iam::819835124123:role/Admins
so I can run aws cli like
aws s3 ls --profile=myprofile
and that works fine but when I configure pulumi to with
myprofile
it doesn't work.
I figured it out. I also use aws-vault and I found that works with pulum like
aws-vault exec myprofile -- pulumi preview
h

hundreds-musician-51496

09/15/2020, 10:12 PM
Nice trick! Do you use that on Windows and how is the experience, if so?
a

ancient-sugar-52541

09/16/2020, 8:20 AM
Setting the AWS_PROFILE environment variable works for me on Mac, but I know some of my colleagues on Windows have had trouble with this (and just use temporary credentials generated by aws sts assume-role which they can put directly into AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN env vars).