is that somehow possible to use separate AWS credentials for

Question

is that somehow possible to use separate AWS credentials for Pulumi S3 state file access and for pulumi up command I ve thought that pulumi login s3 actually logins to AWS account but it doesn t seem to be the case

bored-river-53178 · Answer

in other words I expected this to work

bored-river-53178 · Answer

export AWS PROFILE=profile1

bored-river-53178 · Answer

pulumi login <s3 pulumi state>

bored-river-53178 · Answer

export AWS PROFILE=profile2

bored-river-53178 · Answer

pulumi up

bored-river-53178 · Answer

s3 bucket is only accessible via profile1 parent AWS account while I want to create resources inside profile2 a different AWS account

white-balloon-205 · Answer

The one way you could accomplish this today is to set the profile for your program via config instead of relying on the ambient `AWS PROFILE` That s a generally good practice to isolate your programs stacks from ambient credentials that might need to change over time for other tools or in this case `pulumi login` I believe it is not possible to specify `AWS PROFILE` configuration explicitly for `pulumi login s3 ` yet today

bored-river-53178 · Answer

gt to set the profile for your program via config could you please tell me how to do that

white-balloon-205 · Answer

`pulumi config set aws profile profilename` See <https pulumi io reference clouds aws configuration>

bored-river-53178 · Answer

from the example here <https pulumi io reference clouds aws setup > I ve assumed that using AWS PROFILE is the recommended way

white-balloon-205 · Answer

Yes it looks like the docs on that page could be improved to note that either `AWS PROFILE` or the `profile` config setting can be used

bored-river-53178 · Answer

thanks a lot will try to use the config settings