Hi All if I m running a Pulumi build from a dedicated ci cd

Question

Hi All if I m running a Pulumi build from a dedicated ci cd account and the build machine assumes an admin role in my target account is there a way for me to resolve the target account ID in code In this situation `pulumi aws get caller identity account id` seems to return the ci cd account

freezing-van-87649 · Answer

`get caller identity` has an optional `opts` param I believe you can explicitly set the provider there

freezing-van-87649 · Answer

actually do you want to do anything in the `ci cd` account Or should all actions calls be performed in the `target` account

nice-father-44210 · Answer

In my case all actions should be performed in the `target` account I d just like to have the build machine in `ci cd` to use `AssumeRole` to assume a cross account admin role in the `target` account

nice-father-44210 · Answer

And then I d like to be able to resolve the `target` account ID in code

nice-father-44210 · Answer

`AssumeRole` is all taken care of in the CD tool itself Once Pulumi build starts running I don t need any context switching

freezing-van-87649 · Answer

well if `pulumi aws get caller identity account id` is returning the `ci cd` account id then I think the assume role might not be working

freezing-van-87649 · Answer

might want to try setting the pulumi aws `assumeRole` setting <https www pulumi com registry packages aws installation configuration >

nice-father-44210 · Answer

Let me confirm it s working as I understand it Thanks for feedback

nice-father-44210 · Answer

I ve confirmed it was indeed an issue with `AssumeRole` in the CD tool Using the `aws assumeRole` config settings worked like a charm Thanks

freezing-van-87649 · Answer

great