Hey, folks! 👋 I'm new to Pulumi and trying to wrap my head around using it for multi-region and multi-account AWS deployment, are there any examples the community may know? Pulumi documentation and GitHub lack examples, more or less, what I'm trying to achieve:

for (const accountId of accountsIds) {
  const accountConfig = accountsConfig[accountId];
  const accountCreds = assumeAccountAdminRole(accountId);
  
  for (const region of accountConfig.regions) {
    // deploy resources in each region of the account
  }
}

I read about the Automation API, but there's no way to pass on-the-fly credentials to it (or at least I didn't find it), I ended up wrapping the Pulumi CLI in a loop passing env vars something like:

AWS_REGION AWS_SESSION pulumi ${command} -s ${stack}

Any guidance would be great! 💪 Thanks everyone!

You can use explicit providers for this: https://www.pulumi.com/registry/packages/aws/api-docs/provider/

echoing fraser, if you are wanting to deploy to multiple accounts and multiple regions all at once, you can create providers dynamically in the loop and specify those as resource options. if youre using aws accounts as “account per environment” like we are, we create providers for the regions but then have a stack per environment/account

excellent! as @victorious-church-57397 mentioned, isolation of environments is per account, what I found with providers is that they create the resources within the same Pulumi stack that's why I was exploring Automation API, to have a way to deploy resources per account per region in its own Pulumi stack, for example: AccountDev, AccountProd, us-east-1, eu-west-1 I want to generate the following stacks: • MyPulumiProject/AccountDev-us-east-1 • MyPulumiProject/AccountDev-eu-west-1 • MyPulumiProject/AccountProd-us-east-1 • MyPulumiProject/AccountProd-eu-west-1 If I use providers, I would ended with: • MyPulumiProject/MyStackName <- everything by provider here that's the outcome I find using "providers", which is not ideal since the blast radius of changes affects everything would be great to have isolation in the pulumi stack level, i'm doing something wrong?

Currently one program == one stack, so if you want multiple stacks use automation API.

in essence that was my original question, none of the examples or documentation of Automation API demonstrates how to do it, hence my confusion. are you suggesting that Automation API + providers is the answer here @echoing-dinner-19531?

I mean with automation api you don't even need explicit providers. Just use it to create and run a stack per region and before running Up set the config so the default provider region is correct.