Is there a easy way to update the AWS provider `pulumi provi

Question

Is there a easy way to update the AWS provider `pulumi providers aws` in the stack state aside from export delete import If you remove below the AWS profile config `pulumi config rm aws profile` it seems to persist in state regardless of what I try unless manually deleted ```config aws profile someProfile``` I m trying to keep it simple for devs so they don t have to switch between roles we have several accounts for each local deploy testing but in our automated pipeline we re running `pulumi config rm aws profile` before `pulumi up non interactive y` as we have instances in each specific account with a IAM Profile attached to provide the needed credentials to run the pulumi updates But it s keeping that config in the state tried a `pulumi refresh` but keep getting `error configuring Terraform AWS Provider no valid credential sources for Terraform AWS Provider found ` on any refresh up attempts on any machine that doesn t have the previously set AWS profile configured locally

billowy-army-68599 · Answer

each resources has a provider associated with it it s either explicitly created using the provider opts or done at the stack level what about the provider do you need to change

billowy-army-68599 · Answer

if need to use profiles I d recommend setting the `AWS PROFILE` env var instead of configuring it via the config

shy-waiter-84958 · Answer

Using `AWS PROFILE` kind of defeats what I was trying to achieve unless you mean set it in code instead of via the stack config yaml hopefully this makes what I m attempting easier to read We have multiple accounts and multiple access levels in each account e g Account Admin Account Engineer etc We already use a tool called saml2aws for temp credentials in managing these multiple roles and running AWS commands e g `saml2aws exec exec profile Account Admin pulumi up` Using the pulumi config `aws profile Account Admin` for example means when doing local testing across mutliple projects we only have to run `pulumi up` in each project without having to identify which account role it belongs to The issue is it seems once you use the pulumi config `aws profile Account Admin` it stays that way If you remove it and run refresh update and pass the creds another way it stays set at that way The only way I have managed to change or remove that setting after it makes it to the state file is to export delete change it and import I mean if that s the only possible way for using the `aws profile` config is to set it forever or manually edit it out of the stack I can just not use it at all but it does seem like a bug if it never updates touches that config after it s set