https://pulumi.com logo
Join Slack
Powered by
With the latest `pulumi-aws` classic provider, is ...
# aws
m
With the latest 
pulumi-aws
classic provider, is there a clean way for me to share credentials to sdk calls that aren't part of a Custom Resource Component? I can mix an match aws-sdk v3 with the aws-sdk v2 bundled with the provider:
Copy code
import * as aws from "@pulumi/aws";
import { fromIni } from "@aws-sdk/credential-providers";

fromIni({
    profile: aws.config.profile,
})().then(credentials => {
    const s3Client = new aws.sdk.S3({
        credentials,
        region: aws.sdk.config.region,
    });
    s3Client.listBuckets().promise().then(data => {
        console.log(data);
    });
});
Neither of these work for my setup that uses SSO:
Copy code
aws.sdk.config.credentials = new aws.sdk.SharedIniFileCredentials({ profile: aws.config.profile });
aws.sdk.config.credentials = new aws.sdk.SsoCredentials({ profile: aws.config.profile });
Alternatively, I can ignore Pulumi's aws sdk, and go all v3, but then I'm managing 2 versions of the SDK among other issues 💀
Copy code
import { S3Client, ListBucketsCommand } from "@aws-sdk/client-s3";
import { fromIni } from "@aws-sdk/credential-providers";

const s3Client = new S3Client({
    credentials: fromIni({
        profile: aws.config.profile,
    }),
    region: aws.sdk.config.region,
});
s3Client.send(new ListBucketsCommand({})).then((data) => {
    console.log(data);
});
Going all in on v3 I don't even need fromIni, I can just set the 
AWS_PROFILE
env var
Copy code
const s3Client = new S3Client({
    region: aws.sdk.config.region,
});
s3Client.send(new ListBucketsCommand({})).then((data) => {
    console.log(data);
});
I've gone with the solution that uses 
import { fromIni } from "@aws-sdk/credential-providers";
but otherwise uses aws-sdk v2 from the provider
Open in Slack
PreviousNext
Powered by