HI! I'm deploying our Dockerfile in AWS ECS. I have the credentials configured in ~/.aws/credentials and everything is working 🙂 Now I want to add my AWS credentials to the Dockerfile, as ARGs, because I want to download secrets during the build or the deployment. How can I get the key and the secret from the Pulumi config? Maybe something like this?

new pulumi.Config("aws").require("aws-key")

This is how I'm building my image now.

image: awsx.ecs.Image.fromDockerBuild(stackName, {
   context: './..',
   dockerfile: './app/Dockerfile',
   args: {
     'APP_ENV': environment
   }
}),

There’s a convenience built in if you want to use

aws.config.<var>

(where

aws

is

import * as aws from "@pulumi/aws"

)

Hummm.... I am trying in and in local it recognizes the values but only if i add them in the config file, not if they are in the ~/.aws/credentials file

@purple-salesclerk-87141 have you tried to inject it from environment variables of the Github Action agent runtime itself?

## .github/pr.yml
- name: Preview pulumi infra
    uses: <docker://pulumi/actions>
    with:
        args: preview
    env:
        PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
        PULUMI_CI: pr
        PULUMI_ROOT: pulumi
        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        AWS_REGION: ${{ secrets.AWS_REGION }}

image: awsx.ecs.Image.fromDockerBuild(stackName, {
   context: './..',
   dockerfile: './app/Dockerfile',
   args: {
     'APP_ENV': environment
   },
   environment: {
       'AWS_REGION': (process.env['AWS_REGION'] as string) || aws.config.region,
       'AWS_ACCESS_KEY_ID': (process.env['AWS_ACCESS_KEY_ID'] as string) || aws.config.accessKey,
       'AWS_SECRET_ACCESS_KEY': (process.env['AWS_SECRET_ACCESS_KEY'] as string) || aws.config.secretKey,
   }
})

I tried something similar, with process.env.AWS_REGION but I will try with your configuration 🙂 Thanks!