Hello again, I have a question about cross-acount resources. I've got a zone in Route 53 managed in one account (call it A). I'm delegating a subdomain to a zone I'm managing with Pulumi in another account (B). I have a role and policy configured in A to permit B to make the necessary changes to Route 53. Is there any way in my config applying to account B that I can assume the role in A to create the record set in A's Route 53?

I believe you should be able to do this by setting up multiple providers

ah ha, using

aws.Provider

?

yea, my guess is that you should be able to pass a set of creds into the provider, ie say assume this role

Hey Travis, According to pulumi documentation, you can create a new role and attach it to any resource you create within pulumi. Your account A is not managed by pulumi, which means you cannot do across account stack reference - getStackReference(). I suggest you hardcode the arn of your resources of account A in the trust policy attached to the role in account B.

yep, I've put the account ID and role ARN in config

You are welcome. LOL.