full-sugar-56177

11/03/2021, 11:19 AM
Hello, what is the best way to configure and run the stacks in different AWS accounts for each environment while having Pulumi state stored in S3 only in the main AWS account?

salmon-raincoat-19475

11/03/2021, 12:50 PM
I'm pretty new at this myself; however, we recently came across using AWS account profiles in our Pulumi code... we used this:

    # Explicit provider bound to a named AWS profile and region
    aws_provider = pulumi_aws.Provider("aws-provider",
        profile=self.aws_profile,
        region=self.aws_region
    )

where self.aws_profile was pulled from our Pulumi.dev.yaml as the named profile (i.e. sfenman if you were using your profile).

Then with regards to only saving the state in S3 for the main account, that will require you to do a little coding with a conditional based on if the account is the main account. In Python, that would be (from what I posted in #kubernetes yesterday) -- you'll need to add the conditional logic for only main:

    # Look up the existing bucket, then upload the kubeconfig as an object
    bucket = pulumi_aws.s3.get_bucket("my_bucket_name")
    source = self.cluster.kubeconfig.apply(lambda s: pulumi.asset.StringAsset(json.dumps(s)))
    filename = f'{self.env_stack}-kubeconfig'
    pulumi_aws.s3.BucketObject(resource_name=filename,
        bucket=bucket.id,
        key=f'some/sub_dir/{filename}',
        source=source
    )

billowy-army-68599

11/03/2021, 4:23 PM
The S3 bucket auth is separate to the provider code, so you can set AWS_PROFILE (or AWS_KEY etc) and then set aws:profile in your stack config.