No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

it's a tough question to solve. You could use our SaaS :wink:

but generally i recommend having a dedicated "infrastructure" account that stores states and host your bucket there

Makes sense (both answers :slightly_smiling_face: )

Explicit AWS providers in code make this a lot easier to manage. Your default AWS creds (env vars) are used only for state storage; all Pulumi resources are created via explicit providers. Reduces risk of creating stuff in wrong account.

I never mix different AWS accounts in a single stack. When I want to share a bucket, I define it in a stack that's applied on the AWS account which holds the bucket, and I set a bucket policy that whitelist my org or part of it depending on my needs. Same as <@UCWG26BH7>: I have some kind of "infrastructure / shared services" accounts.

Unfortunately it isn't always possible.. for example, setting up VPC peering requires access to 2 accounts. You _could_ do it via 2 stacks, but then you'd have to write some state-detection code. It's much easier to use two providers to solve this sort of issue.