Channels
#automation-api
Title
# automation-api
m
most-lighter-95902
03/16/2022, 6:01 PM Copy code
export const createPulumiProgram = (args: CreatePulumiProgramArgs) => async () => {
const { stack, inputs } = args
// Should return client's account id since aws credentials in config
// is set to client's aws credentials, but returns my own account id
const { accountId: awsAccountId } = await aws.getCallerIdentity({})
}l
little-cartoon-10569
03/16/2022, 8:09 PMWhich config? Env vars? ~/.aws/credentials? To make this work predictably, you should be passing the correct provider to
getCallerIdentity()I recommend always passing the
providerprovidersm
most-lighter-95902
03/16/2022, 10:41 PMAh I see - so is that
getCallerIdentity({ provider: awsProvider })function getCallerIdentity(opts?: InvokeOptions)InvokeOptionsl
little-cartoon-10569
03/16/2022, 10:44 PMYes. I'll see if I can find the docs for InvokeOptions
m
most-lighter-95902
03/16/2022, 10:46 PMAwesome - thank you for the prompt response. Much appreciated!
l
little-cartoon-10569
03/16/2022, 10:49 PMThe source is here, with annotated docs.. can't find a page with this info though.
https://github.com/pulumi/pulumi/blob/master/sdk/nodejs/invoke.ts
It should be linked from this page but it's not: https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/pulumi/
m
most-lighter-95902
03/16/2022, 10:52 PMOK thank you - since I got you here one more quick question regarding this. For Pulumi Automation, I was told to use Pulumi stack config to store the aws credentials, but reading the docs, it seems like
~/.aws/credentialsRight now I’m using Kubernetes Secrets to store and reference aws credentials inside my Docker containers, but I don’t think this method is possible for plain text files
l
little-cartoon-10569
03/16/2022, 10:58 PMI wouldn't create
~/.aws/credentials~/.aws/configProfile are intended for machines with real users on them. If you're working from a transient container built on demand, you can take advantage of environments and other non-persistent ways of accessing secrets.
To answer the question though: you can create files in your dockerfile via COPY, RUN (to run a script that creates the file), or similar.
m
most-lighter-95902
03/16/2022, 11:29 PMOh I see - this is awesome. Thank you so much for detailed answers!
Hi @little-cartoon-10569 I’m just testing out the provider method, but a little confused about
aws.getRegion()aws:regionaws.getRegion()config.require('aws:region')l
little-cartoon-10569
03/16/2022, 11:56 PMThere's a few things to answer there 🙂
To get to region from the config file, you need
new pulumi.Config("aws").require("region")aws.getRegion()(And if you have no cat, then I don't know how it figures it out.)
getRegion()us-east-1getRegion({ provider: new Provider("foo", { region: "us-east-1" }))I've long ago given up trying to figure out how AWS+Pulumi+automation-api all combine to influence which credentials are used. I nearly always explicitly load the AWS config from the stack file, create an explicit provider, and use it. It never fails.
m
most-lighter-95902
03/17/2022, 12:36 AMThis is so great - it was confusing me to no end! I ran into so many issues. I’m just going to do what you suggested.
Thanks again - this was VERY helpful!
👍 1
@little-cartoon-10569 If you don’t mind, can I ask you about Pulumi plugin versions in Automation API?
I’m really confused as to how it picks the version it requires. Locally I’m using the latest version, but automation API frequently errors out citing another older version?
l
little-cartoon-10569
03/18/2022, 1:25 AMSorry, not my area of specialty 😞 I'd check the package.json and lock file...
Or maybe Lee or Evan might know.. try posting a new thread and see if you get any bites.
m
most-lighter-95902
03/18/2022, 2:03 AMOK got it - thank you!!
2 Views