https://pulumi.com logo
Join Slack
Powered by
I’m trying to use Pulumi Automation API in a REST ...
# automation-api
m
I’m trying to use Pulumi Automation API in a REST API endpoint to setup infrastructure (i.e. EKS cluster) for clients but unsure how to deal with their AWS credentials (access key/secret). For example, if I want to do POST /api/eks to create a EKS cluster using the client’s AWS credentials, what is the recommended way to do this?
b
@most-lighter-95902 are you doing a stack per cluster/post request?
m
Well each client would get his own project and the cluster would be in a separate stack yes
b
you could do the automation API equivalent of
Copy code
pulumi config set aws:accessKey <key> --secret
pulumi config set aws:secretKey <key> --secret
this would encrypt the values in state with a unique key per project, you'd just need to handle the values safely client side/in the browser
m
OK so just set the config inside the Pulumi Automation API?
RIght
OK awesome - I’ll try that thanks!
b
I'm building (or planning to) something very similar, so if you're interested in comparing notes at some point, let me know
m
Yeah that’d be great thanks
One more quick thing - what if I wanted to use the client’s Pulumi credentials? Is that also possible?
b
yes, you can set their access token: https://app.pulumi.com/settings/tokens,
i'm not sure we have a login method on automation api yet though, so you'd have to shell out to it
r
You don't have to shell out, you can just set the backend url
❤️ 1
m
@red-match-15116 Sorry can you elaborate a little? If you can point me to a short example, that’d be really helpful
r
Actually I think I might be misunderstanding… how do you want to use the client’s Pulumi credentials?
m
@red-match-15116 For example, say you want to create an EKS cluster in your client’s AWS and Pulumi (i.e. so the client can manage the pulumi state with their Pulumi account, not mine)
Does that make sense?
Open in Slack
PreviousNext
Powered by