This message was deleted.
# general
s
This message was deleted.
c
Yes, unfortunately. My understanding is that is a restriction imposed by Terraform.
It’s possible to “complicated things you wish you didn’t” if you want to manage DNS records in two different AWS accounts. You can have a Route53 Hosted zone in account all (example.com) and then some NS records (www.example.com) pointing to a Route53 hosted zone in a different AWS account (zone: www.example.com).
p
A combination of how Terraform providers work and how we instantiate them. Today we can only configure one "instance" of the AWS provider, and things like credentials, region, and account are properties of the provider. We've had early discussions on how to expose multiple instances of providers without ruining the "magic" of being able to program simply against a default instance. We hope to have to more to share on that in the coming weeks.
w
To reiterate a couple of those point: (1) this is indeed a current restriction in Pulumi (2) we fully intend to support this in the very near future - https://github.com/pulumi/pulumi/issues/1221 (3) you can in the meantime manage these using two Pulumi programs - though we certainly understand that that is not the ideal solution.
m
Thanks everyone. Good info.
s
Is it also worth folding in a discussion about authentication methods there? For example, it’s common to assume a role in account B using base credentials in account A, and that likely wants representing somehow in the provider configuration?