This message was deleted.

each resources has a provider associated with it, it's either explicitly created (using the provider opts) or done at the stack level - what about the provider do you need to change?

Using

AWS_PROFILE

kind of defeats what I was trying to achieve (unless you mean set it in code instead of via the stack config yaml), hopefully this makes what I'm attempting easier to read • We have multiple accounts and multiple access levels in each account. (e.g. Account/Admin, Account/Engineer, etc...) • We already use a tool called saml2aws for temp credentials in managing these multiple roles and running AWS commands (e.g.

saml2aws exec --exec-profile Account/Admin -- pulumi up

) • Using the pulumi config

aws:profile Account/Admin

for example, means when doing local testing across mutliple projects we only have to run

pulumi up

in each project without having to identify which account/role it belongs to The issue is, it seems once you use the pulumi config

aws:profile Account/Admin

it stays that way. If you remove it and run refresh/update and pass the creds another way, it stays set at that way. The only way I have managed to change or remove that setting after it makes it to the state file is to export, delete/change it, and import. I mean if that's the only possible way for using the

aws:profile

config is to set it forever or manually edit it out of the stack I can just not use it at all, but it does seem like a bug if it never updates/touches that config after it's set