Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
m
most-lighter-95902
12/20/2021, 6:20 PMI’m trying to use Pulumi Automation API in a REST API endpoint to setup infrastructure (i.e. EKS cluster) for clients but unsure how to deal with their AWS credentials (access key/secret). For example, if I want to do POST /api/eks to create a EKS cluster using the client’s AWS credentials, what is the recommended way to do this?
b
billowy-army-68599
12/20/2021, 6:21 PM@most-lighter-95902 are you doing a stack per cluster/post request?
m
most-lighter-95902
12/20/2021, 6:22 PMWell each client would get his own project and the cluster would be in a separate stack yes
b
billowy-army-68599
12/20/2021, 6:23 PMyou could do the automation API equivalent of
pulumi config set aws:accessKey <key> --secret
pulumi config set aws:secretKey <key> --secretthis would encrypt the values in state with a unique key per project, you'd just need to handle the values safely client side/in the browser
m
most-lighter-95902
12/20/2021, 6:23 PMOK so just set the config inside the Pulumi Automation API?
RIght
OK awesome - I’ll try that thanks!
b
billowy-army-68599
12/20/2021, 6:24 PMyeah, with `ConfigValue`:
https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/pulumi/automation/#ConfigValue-secret
I'm building (or planning to) something very similar, so if you're interested in comparing notes at some point, let me know
m
most-lighter-95902
12/20/2021, 6:26 PMYeah that’d be great thanks
One more quick thing - what if I wanted to use the client’s Pulumi credentials? Is that also possible?
b
billowy-army-68599
12/20/2021, 6:34 PMyes, you can set their access token: https://app.pulumi.com/settings/tokens,
i'm not sure we have a login method on automation api yet though, so you'd have to shell out to it
r
red-match-15116
12/20/2021, 6:46 PMYou don't have to shell out, you can just set the backend url
❤️ 1
m
most-lighter-95902
12/20/2021, 9:57 PM@red-match-15116 Sorry can you elaborate a little? If you can point me to a short example, that’d be really helpful
r
red-match-15116
12/20/2021, 10:15 PMActually I think I might be misunderstanding… how do you want to use the client’s Pulumi credentials?
m
most-lighter-95902
12/23/2021, 2:35 AM@red-match-15116 For example, say you want to create an EKS cluster in your client’s AWS and Pulumi (i.e. so the client can manage the pulumi state with their Pulumi account, not mine)
Does that make sense?