Hi. I have some code that stores API tokens in AWS...
# general
Hi. I have some code that stores API tokens in AWS SSM. During a pulumi update, I issue a call to SSM to get the secret value using
. The response is wrapped like so
pulumi.output(resp).apply(r => r.value)
. I am seeing a weird behavior. I have changed the value of my SSM parameter, and pulumi is still returning the old value. Even weirder is that the old value is only returned on the CI and not when I run on my local machine. Any pointers on what is going on?
Working this back a bit more by ssh'ing into CI, I see it's returning version 1 of the parameter when there is a version 2.
Why would pulumi return a parameter version that is not the latest?
Even after deleting the version 1 parameter, pulumi still returns the version 1 result 🤯 There must be some sort of caching coming into play...
dumb question, why not use pulumi set config --secret <Your secret value>?
OH, I see. The aws.ssm.getParameter call is ignoring the aws:profile set in the pulumi yaml file! The call is going to the wrong account.