Not sure if this is an automation, aws, or typescr...
# automation-api
Not sure if this is an automation, aws, or typescript topic, but here goes: Are providers (AWS provider specifically) thread safe? I have an automation script that runs the same AWS actions in two different accounts simultaneously by assuming roles into those accounts. When I tell the automation to run one account at a time, it’s fine. But when I try to run them simultaneously (using an
function), I get a weird behaviour where one of the providers seems to be trying to assume the wrong role. I suspect it’s some sort of race condition where one of the threads gets to the provider first, assumes the right role, and is fine. Then the next thread comes along, but instead of a new provider, it’s using the original one, and I get STS errors about assuming the wrong role. I suppose I can try waiting for each deployment to finish, but it’d be nice if they can run at the same time. Any thoughts?
Thanks for being my 🦆 . I think I see the problem - environment variables!
Hm. I thought I found away around the issue above by passing environment variables through to the
interface like:
Copy code
const opts: LocalWorkspaceOptions = {
        secretsProvider: secretsProvider,
        envVars: {
            AWS_ACCESS_KEY_ID: credentials.Credentials!.AccessKeyId!,
            AWS_SECRET_ACCESS_KEY: credentials.Credentials!.SecretAccessKey!,
            AWS_SESSION_TOKEN: credentials.Credentials!.SessionToken!,
is the output of an STS
action. According to the docs, those environment variables should be passed to “every Pulumi command”. However, when the automation runs:
Copy code
const stack = await LocalWorkspace.createOrSelectStack(args, opts);
I get an access denied error on the bucket, which makes me think
is not using the environment variables as expected (though I’m not sure how to prove this). If I set the process’ environment like I was originally (e.g.
process.env.AWS_ACCESS_KEY_ID = xxx
) immediately before the
, it works as expected. Any thoughts on how I can get
to honour the
set in the
I know this post is a month old now. Let me know if you already resolved this or opened an issue. I would call the above scenario a bug. Your future commands should be honoring the environment variables that you are setting in
. If that is not happening as expected than I would open an issue on github for it, as that is how it is supposed to function.