https://pulumi.com logo
#general
Title
# general
b

bored-river-53178

06/17/2019, 6:21 PM
is that somehow possible to use separate AWS credentials for Pulumi S3 state file access and for 'pulumi up' command? I've thought that 'pulumi login s3://...' actually logins to AWS account but it doesn't seem to be the case
in other words I expected this to work:
export AWS_PROFILE=profile1
pulumi login s3://pulumi-state
export AWS_PROFILE=profile2
pulumi up
s3 bucket is only accessible via profile1 (parent AWS account), while I want to create resources inside profile2 (a different AWS account)
w

white-balloon-205

06/17/2019, 6:33 PM
The one way you could accomplish this today is to set the profile for your program via config instead of relying on the ambient
AWS_PROFILE
. That's a generally good practice to isolate your programs/stacks from ambient credentials that might need to change over time for other tools (or in this case,
pulumi login
). I believe it is not possible to specify
AWS_PROFILE
configuration explicitly for
pulumi login s3://
yet today.
b

bored-river-53178

06/17/2019, 6:38 PM
to set the profile for your program via config
could you please tell me how to do that?
w

white-balloon-205

06/17/2019, 6:39 PM
pulumi config set aws:profile profilename
See: https://pulumi.io/reference/clouds/aws/#configuration
b

bored-river-53178

06/17/2019, 6:39 PM
from the example here https://pulumi.io/reference/clouds/aws/setup/ I've assumed that using AWS_PROFILE is the recommended way
w

white-balloon-205

06/17/2019, 6:39 PM
Yes - it looks like the docs on that page could be improved to note that either
AWS_PROFILE
or the
profile
config setting can be used.
b

bored-river-53178

06/17/2019, 6:40 PM
thanks a lot, will try to use the config settings