sparse-intern-71089
07/17/2021, 4:37 AM
billions-battery-73370
07/17/2021, 4:38 AM
app.pulumi.com seems to be back
billowy-army-68599
pulumi config set aws:secretKey <key> --secret
You'll then be able to read this from config and pass it to the provider like so: https://www.pulumi.com/docs/intro/concepts/config/#code
billions-battery-73370
07/17/2021, 4:50 AM
billowy-army-68599
billions-battery-73370
07/17/2021, 5:01 AM
const awsConfig = new pulumi.Config("aws");
const provider = new aws.Provider(`account-provider`, {
    accessKey: awsConfig.require("accessKey"),
    secretKey: awsConfig.require("secretKey"),
    region: awsConfig.require("region") as aws.Region,
    assumeRole: {
        roleArn: pulumi.interpolate`arn:aws:iam::${accountId}:role/OrganizationAccountAccessRole`,
    },
});
billions-battery-73370
07/17/2021, 5:02 AM
OrganizationAccountAccessRole in child accounts ordinarily
billions-battery-73370
07/17/2021, 5:03 AM
* error configuring Terraform AWS Provider: IAM Role (arn:aws:iam::288XXXXX577:role/OrganizationAccountAccessRole) cannot be assumed.
billions-battery-73370
07/17/2021, 5:04 AM
Pulumi.prod.yaml
config:
  aws:accessKey:
    secure: AAABAIHDr2+XXXXXXXXXXXXXXXXXXX7MGy6X0Uy45v5CTEQyBXR8uVWODYvg==
  aws:region: us-east-1
  aws:secretKey:
    secure: AAABANatex3YxZzzjVXXXXXXXXXXXXXXXXXXXXXX3LFiuiBVGNQsALLhDnTWIRtsD1L10sRR7Dw0iKG2E/k7
billowy-army-68599
billions-battery-73370
07/17/2021, 5:20 AM
Error: root account can't assume roles
Solution: create a user in root account with access keys, then try again. ✅
billions-battery-73370
07/17/2021, 5:23 AM
process.env.AWS_ACCESS_KEY_ID etc. works as well