https://pulumi.com logo
Title
p

purple-salesclerk-87141

03/15/2021, 6:12 PM
HI! I'm deploying our Dockerfile in AWS ECS. I have the credentials configured in ~/.aws/credentials and everything is working 🙂 Now I want to add my AWS credentials to the Dockerfile, as ARGs, because I want to download secrets during the build or the deployment. How can I get the key and the secret from the Pulumi config? Maybe something like this?
new pulumi.Config("aws").require("aws-key")
This is how I'm building my image now.
image: awsx.ecs.Image.fromDockerBuild(stackName, {
   context: './..',
   dockerfile: './app/Dockerfile',
   args: {
     'APP_ENV': environment
   }
}),
f

faint-table-42725

03/15/2021, 7:10 PM
There’s a convenience built in if you want to use
aws.config.<var>
(where
aws
is
import * as aws from "@pulumi/aws"
)
p

purple-salesclerk-87141

03/16/2021, 1:00 AM
Hummm.... I am trying in and in local it recognizes the values but only if i add them in the config file, not if they are in the ~/.aws/credentials file
I need it as I'm using Github Actions to deploy it
Thanks for answering Lee!
b

busy-magazine-48939

03/16/2021, 6:29 AM
@purple-salesclerk-87141 have you tried to inject it from environment variables of the Github Action agent runtime itself?
## .github/pr.yml
- name: Preview pulumi infra
    uses: <docker://pulumi/actions>
    with:
        args: preview
    env:
        PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
        PULUMI_CI: pr
        PULUMI_ROOT: pulumi
        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        AWS_REGION: ${{ secrets.AWS_REGION }}
image: awsx.ecs.Image.fromDockerBuild(stackName, {
   context: './..',
   dockerfile: './app/Dockerfile',
   args: {
     'APP_ENV': environment
   },
   environment: {
       'AWS_REGION': (process.env['AWS_REGION'] as string) || aws.config.region,
       'AWS_ACCESS_KEY_ID': (process.env['AWS_ACCESS_KEY_ID'] as string) || aws.config.accessKey,
       'AWS_SECRET_ACCESS_KEY': (process.env['AWS_SECRET_ACCESS_KEY'] as string) || aws.config.secretKey,
   }
})
p

purple-salesclerk-87141

03/16/2021, 9:04 AM
I tried something similar, with process.env.AWS_REGION but I will try with your configuration 🙂 Thanks!
👍 1