I’m trying to use Pulumi Automation API in a REST API endpoint to setup infrastructure (i.e. EKS cluster) for clients but unsure how to deal with their AWS credentials (access key/secret). For example, if I want to do POST /api/eks to create a EKS cluster using the client’s AWS credentials, what is the recommended way to do this?

@most-lighter-95902 are you doing a stack per cluster/post request?

Well each client would get his own project and the cluster would be in a separate stack yes

you could do the automation API equivalent of

pulumi config set aws:accessKey <key> --secret
pulumi config set aws:secretKey <key> --secret

OK so just set the config inside the Pulumi Automation API?

yeah, with `ConfigValue`: https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/pulumi/automation/#ConfigValue-secret

Yeah that’d be great thanks

yes, you can set their access token: https://app.pulumi.com/settings/tokens,

You don't have to shell out, you can just set the backend url

@red-match-15116 Sorry can you elaborate a little? If you can point me to a short example, that’d be really helpful

Actually I think I might be misunderstanding… how do you want to use the client’s Pulumi credentials?

@red-match-15116 For example, say you want to create an EKS cluster in your client’s AWS and Pulumi (i.e. so the client can manage the pulumi state with their Pulumi account, not mine)