hi all we re trying to switch to AWS SSO but when using Pulu Pulumi Community #aws

hi all, we’re trying to switch to AWS SSO but when...

quiet-gold-81036

03/21/2022, 11:00 AM

hi all, we’re trying to switch to AWS SSO but when using Pulumi’s S3 backend, it keeps throwing

Copy code

SharedConfigErr: only one credential type may be specified per profile: source profile, credential source, credential process, web identity token, or sso

we have to use

credential_process

for the SDK so I tried to create a separate profile for Pulumi:

Copy code

[pulumi-tst]
region = us-east-1
sso_start_url = <https://d-XXXX.awsapps.com/start>
sso_region = us-east-1
sso_account_id = XXXXAccountId
sso_role_name = XXXRole

but the backend doesn’t seem to respect

aws:profile

config form the stack, it only works if I specify it as an env variable

AWS_PROFILE

which isn’t very ergonomic for developers to manage separate profiles for the appand Pulumi. would love any pointers you have may

important-appointment-55126

03/21/2022, 6:12 PM

not sure if this is useful or not: https://github.com/pulumi/pulumi-aws/issues/1340

little-cartoon-10569

03/21/2022, 8:31 PM

Yes,

aws:profile

is for configuring the default AWS provider. Backends are created before Pulumi starts. Different configuration is used.

little-cartoon-10569

03/21/2022, 8:31 PM

Afaik, the only way to configure the AWS backend is via "normal" AWS configuration: env vars, ~/.aws/credentials, etc.

little-cartoon-10569

03/21/2022, 8:32 PM

You can't use

aws:profile

for this.

boundless-artist-23351

03/22/2022, 11:01 PM

Hi, I have had the same experience, for the moment I’m using envrc to set up thr AWS_PROFILE but for CI/CD I will try to create an aws provider

little-cartoon-10569

03/22/2022, 11:12 PM

AWS providers do not affect the backend at all.

little-cartoon-10569

03/22/2022, 11:12 PM

Not related.

7 Views

Open in Slack

Previous Next