ambitious-rocket-23091

10/14/2022, 7:04 PM
Hi, is there a recommended way to assume a role in AWS using the Automation API? The Python inline program from the examples is close to the pattern I've followed so far in setting up the stack: https://github.com/pulumi/automation-api-examples/blob/main/python/inline_program/main.py. Is there a way to assume the role for the entire stack? Other examples I've found show it being set using the Provider and then attaching the provider to each resource, like the following.
const provider = new aws.Provider(`${accountName}-account-provider`, {
    accessKey: env.AWS_ACCESS_KEY_ID,
    secretKey: env.AWS_SECRET_ACCESS_KEY,
    region: "us-east-1",
    assumeRole: {
      roleArn: pulumi.interpolate`arn:aws:iam::${accountId}:role/OrganizationAccountAccessRole`,
    },
});

// Resource options (including the provider) are the third constructor argument.
const bucket = new aws.s3.BucketV2("bucket", {}, { provider: provider });
Apologies if there is an answer to this already; I did some searches in this channel but didn't see anything that matched what I'm trying to do.
little-cartoon-10569

10/16/2022, 7:03 PM
Passing the provider to each resource is correct. To avoid doing that, you need to change the default provider, which can only be done by setting the correct roles etc. in your ~/.aws/credentials