https://pulumi.com logo
Join Slack
Powered by
Not sure if this is an automation, aws, or typescr...
# automation-api
p
Not sure if this is an automation, aws, or typescript topic, but here goes: Are providers (AWS provider specifically) thread safe? I have an automation script that runs the same AWS actions in two different accounts simultaneously by assuming roles into those accounts. When I tell the automation to run one account at a time, it’s fine. But when I try to run them simultaneously (using an 
async
function), I get a weird behaviour where one of the providers seems to be trying to assume the wrong role. I suspect it’s some sort of race condition where one of the threads gets to the provider first, assumes the right role, and is fine. Then the next thread comes along, but instead of a new provider, it’s using the original one, and I get STS errors about assuming the wrong role. I suppose I can try waiting for each deployment to finish, but it’d be nice if they can run at the same time. Any thoughts?
Thanks for being my 🦆 . I think I see the problem - environment variables!
Hm. I thought I found away around the issue above by passing environment variables through to the 
LocalWorkspaceOptions
interface like:
Copy code
const opts: LocalWorkspaceOptions = {
        secretsProvider: secretsProvider,
        envVars: {
            AWS_ACCESS_KEY_ID: credentials.Credentials!.AccessKeyId!,
            AWS_SECRET_ACCESS_KEY: credentials.Credentials!.SecretAccessKey!,
            AWS_SESSION_TOKEN: credentials.Credentials!.SessionToken!,
        },
where 
credentials
is the output of an STS 
AssumeRoleCommand
action. According to the docs, those environment variables should be passed to “every Pulumi command”. However, when the automation runs:
Copy code
const stack = await LocalWorkspace.createOrSelectStack(args, opts);
I get an access denied error on the bucket, which makes me think 
createOrSelectStack
is not using the environment variables as expected (though I’m not sure how to prove this). If I set the process’ environment like I was originally (e.g. 
process.env.AWS_ACCESS_KEY_ID = xxx
) immediately before the 
createOrSelectStack
, it works as expected. Any thoughts on how I can get 
createOrSelectStack
to honour the 
envVars
set in the 
opts
object?
b
I know this post is a month old now. Let me know if you already resolved this or opened an issue. I would call the above scenario a bug. Your future commands should be honoring the environment variables that you are setting in 
opts
. If that is not happening as expected than I would open an issue on github for it, as that is how it is supposed to function.
2 Views
Open in Slack
PreviousNext
Powered by