https://pulumi.com logo
#aws
Title
# aws
q

quiet-gold-81036

03/21/2022, 11:00 AM
hi all, we’re trying to switch to AWS SSO but when using Pulumi’s S3 backend, it keeps throwing
Copy code
SharedConfigErr: only one credential type may be specified per profile: source profile, credential source, credential process, web identity token, or sso
we have to use
credential_process
for the SDK so I tried to create a separate profile for Pulumi:
Copy code
[pulumi-tst]
region = us-east-1
sso_start_url = <https://d-XXXX.awsapps.com/start>
sso_region = us-east-1
sso_account_id = XXXXAccountId
sso_role_name = XXXRole
but the backend doesn’t seem to respect
aws:profile
config form the stack, it only works if I specify it as an env variable
AWS_PROFILE
which isn’t very ergonomic for developers to manage separate profiles for the appand Pulumi. would love any pointers you have may
i

important-appointment-55126

03/21/2022, 6:12 PM
not sure if this is useful or not: https://github.com/pulumi/pulumi-aws/issues/1340
l

little-cartoon-10569

03/21/2022, 8:31 PM
Yes,
aws:profile
is for configuring the default AWS provider. Backends are created before Pulumi starts. Different configuration is used.
Afaik, the only way to configure the AWS backend is via "normal" AWS configuration: env vars, ~/.aws/credentials, etc.
You can't use
aws:profile
for this.
b

boundless-artist-23351

03/22/2022, 11:01 PM
Hi, I have had the same experience, for the moment I’m using envrc to set up thr AWS_PROFILE but for CI/CD I will try to create an aws provider
l

little-cartoon-10569

03/22/2022, 11:12 PM
AWS providers do not affect the backend at all.
Not related.
6 Views