Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
l
little-cartoon-10569
05/06/2021, 3:12 AMRelated to above: policy packs don't use the creds in a resource's provider property. Is this something that could reasonably happen? I can raise an issue about it, if it's fixable.
I applied a policy pack to a stack where all the resources are configured to use a provider that is associated with a different AWS account than my default AWS_PROFILE points to.
It seemed to mostly work, reporting a few (correct) validation advsories about bucket logging.
However it also threw an error (a stack trace, not a normal crossguard error) reporting that it could not find an ACM certificate (which is in the stack's account) when looking in my AWS_PROFILE's account.
When I changed my AWS_PROFILE to match the stack's resources, the error went away.
I presume that this means if I had certificates in two accounts in a single stack, there is no way that a policy pack could be successfully applied.