
most-lighter-95902

12/20/2021, 6:20 PM
I’m trying to use Pulumi Automation API in a REST API endpoint to set up infrastructure (i.e. EKS cluster) for clients but unsure how to deal with their AWS credentials (access key/secret). For example, if I want to do POST /api/eks to create an EKS cluster using the client’s AWS credentials, what is the recommended way to do this?

billowy-army-68599

12/20/2021, 6:21 PM
@most-lighter-95902 are you doing a stack per cluster/post request?

most-lighter-95902

12/20/2021, 6:22 PM
Well each client would get his own project and the cluster would be in a separate stack yes

billowy-army-68599

12/20/2021, 6:23 PM
you could do the automation API equivalent of
pulumi config set aws:accessKey <key> --secret
pulumi config set aws:secretKey <key> --secret
this would encrypt the values in state with a unique key per project, you'd just need to handle the values safely client side/in the browser

most-lighter-95902

12/20/2021, 6:23 PM
OK so just set the config inside the Pulumi Automation API?
Right
OK awesome - I’ll try that thanks!

billowy-army-68599

12/20/2021, 6:24 PM
I'm building (or planning to) something very similar, so if you're interested in comparing notes at some point, let me know

most-lighter-95902

12/20/2021, 6:26 PM
Yeah that’d be great thanks
One more quick thing - what if I wanted to use the client’s Pulumi credentials? Is that also possible?

billowy-army-68599

12/20/2021, 6:34 PM
yes, you can set their access token: https://app.pulumi.com/settings/tokens
I'm not sure we have a login method on automation api yet though, so you'd have to shell out to it

red-match-15116

12/20/2021, 6:46 PM
You don't have to shell out, you can just set the backend url
❤️ 1

most-lighter-95902

12/20/2021, 9:57 PM
@red-match-15116 Sorry can you elaborate a little? If you can point me to a short example, that’d be really helpful

red-match-15116

12/20/2021, 10:15 PM
Actually I think I might be misunderstanding… how do you want to use the client’s Pulumi credentials?

most-lighter-95902

12/23/2021, 2:35 AM
@red-match-15116 For example, say you want to create an EKS cluster in your client’s AWS and Pulumi (i.e. so the client can manage the pulumi state with their Pulumi account, not mine)
Does that make sense?