03/10/2021, 8:49 PM
Hi, I'm learning about stacks today and how to configure them for different environments. To do this I have set up 3 different AWS accounts - dev, non-prod and prod and configured a profile for each one in my credentials file. I then use the appropriate profile in the appropriate stack that I have created - dev, non-prod and prod and ran pulumi up. As expected the resource appeared in the stack that was currently active. Now, when I change the aws profile for that stack using pulumi config set aws:profile to one of the other profiles and run pulumi up, then the resource is still deployed to the original profile's account and not the profile that I've changed to. This doesn't seem to be the correct behaviour. Could anyone point where I'm going wrong?


03/10/2021, 9:01 PM
have you tried running with a refresh?
pulumi up -r


03/10/2021, 9:04 PM
Are you correcting a mistake when you change the profile within the stack? That's unlikely to be the correct thing to do, normally. When you change the profile (and refresh, as @billowy-army-68599 says), Pulumi will destroy all the old resources because they're associated with one set of credentials, then create similar resources using the new set.
This demonstrates why changing the profile within the provider doesn't immediately change the account (and other credentials). If it did immediately change the credentials, Pulumi would "lose" all the old resources and be unable to tear them down. So it saves the credentials with the resources, so that it can clean up.
Generally, the correct way to set up the same resources in a new account is to create a new stack with the new account's credentials.
☝️ 1


03/11/2021, 8:17 AM
Thanks for your replies - it makes sense now - the old resources have to be destroyed otherwise they're left on the old account and would need manually destroying via the AWS CLI or console - not a problem for hello-world exercises but for a full-blown commercial app that would be a nightmare. Thanks again.