sparse-intern-71089
03/16/2022, 6:01 PMlittle-cartoon-10569
03/16/2022, 8:09 PMgetCallerIdentity()
. If you're allowing credentials to "just work", it's not going to. In particular, env var credentials need to be handled very careful in AutomationAPI, since the child Pulumi process doesn't automatically inherit the parent's environment.little-cartoon-10569
03/16/2022, 8:10 PMprovider
(or providers
) opt to all Pulumi calls. There's no other way to guarantee that your code will work the same way when being called in different ways (e.g. directly and via AutomationAPI).most-lighter-95902
03/16/2022, 10:41 PMgetCallerIdentity({ provider: awsProvider })
? The docs for this says function getCallerIdentity(opts?: InvokeOptions)
but when I click on InvokeOptions
it goes nowherelittle-cartoon-10569
03/16/2022, 10:44 PMmost-lighter-95902
03/16/2022, 10:46 PMlittle-cartoon-10569
03/16/2022, 10:49 PMlittle-cartoon-10569
03/16/2022, 10:50 PMmost-lighter-95902
03/16/2022, 10:52 PM~/.aws/credentials
would allow me to use different profiles. How do you securely create this plain text file inside docker using Dockerfile? Do you have any examples of how you do that?most-lighter-95902
03/16/2022, 10:53 PMlittle-cartoon-10569
03/16/2022, 10:58 PM~/.aws/credentials
inside a container. You might want to bind mount it, but I wouldn't recommend it. You could create ~/.aws/config
for your profiles and reference the default profile from one of them. However, you'd be better off going with explicit access key and secret access key, and providers. You can use role chaining instead of profiles.little-cartoon-10569
03/16/2022, 10:59 PMlittle-cartoon-10569
03/16/2022, 11:01 PMmost-lighter-95902
03/16/2022, 11:29 PMmost-lighter-95902
03/16/2022, 11:48 PMaws.getRegion()
usage - I have aws:region
Pulumi config set, so does aws.getRegion()
return that value? config.require('aws:region')
doesn’t seem to worklittle-cartoon-10569
03/16/2022, 11:56 PMlittle-cartoon-10569
03/16/2022, 11:57 PMnew pulumi.Config("aws").require("region")
.little-cartoon-10569
03/16/2022, 11:58 PMaws.getRegion()
will get the region of the "default" connection to AWS, but exactly what that is depends on env vars, profiles, credentials files, config files, and probably the phase of the moon and how recently your cat last ate.little-cartoon-10569
03/16/2022, 11:59 PMlittle-cartoon-10569
03/17/2022, 12:00 AMgetRegion()
also takes an InvokeOptions, so to be certain of getting us-east-1
, you really need to be calling getRegion({ provider: new Provider("foo", { region: "us-east-1" }))
.little-cartoon-10569
03/17/2022, 12:01 AMmost-lighter-95902
03/17/2022, 12:36 AMmost-lighter-95902
03/17/2022, 12:36 AMmost-lighter-95902
03/18/2022, 1:23 AMlittle-cartoon-10569
03/18/2022, 1:25 AMlittle-cartoon-10569
03/18/2022, 1:26 AMmost-lighter-95902
03/18/2022, 2:03 AM