This message was deleted.
# generals
sparse-intern-71089
06/27/2018, 8:42 PMThis message was deleted.
c
colossal-beach-47527
06/27/2018, 8:42 PMYes, unfortunately. My understanding is that is a restriction imposed by Terraform.
colossal-beach-47527
06/27/2018, 8:44 PMIt’s possible to “complicated things you wish you didn’t” if you want to manage DNS records in two different AWS accounts.
You can have a Route53 Hosted zone in account all (example.com) and then some NS records (www.example.com) pointing to a Route53 hosted zone in a different AWS account (zone: www.example.com).
p
powerful-whale-8767
06/27/2018, 8:44 PMA combination of how Terraform providers work and how we instantiate them. Today we can only configure one "instance" of the AWS provider, and things like credentials, region, and account are properties of the provider.
We've had early discussions on how to expose multiple instances of providers without ruining the "magic" of being able to program simply against a default instance. We hope to have to more to share on that in the coming weeks.
w
white-balloon-205
06/27/2018, 8:47 PM
To reiterate a couple of those point: (1) this is indeed a current restriction in Pulumi (2) we fully intend to support this in the very near future - https://github.com/pulumi/pulumi/issues/1221 (3) you can in the meantime manage these using two Pulumi programs - though we certainly understand that that is not the ideal solution.
m
modern-diamond-82589
06/27/2018, 8:49 PMThanks everyone. Good info.
s
stocky-spoon-28903
06/28/2018, 1:43 AMIs it also worth folding in a discussion about authentication methods there? For example, it’s common to assume a role in account B using base credentials in account A, and that likely wants representing somehow in the provider configuration?