https://pulumi.com logo
Powered by
Title
m

millions-furniture-75402

11/03/2022, 2:26 PM
With the latest 
pulumi-aws
classic provider, is there a clean way for me to share credentials to sdk calls that aren't part of a Custom Resource Component? I can mix an match aws-sdk v3 with the aws-sdk v2 bundled with the provider: 
import * as aws from "@pulumi/aws";
import { fromIni } from "@aws-sdk/credential-providers";

fromIni({
    profile: aws.config.profile,
})().then(credentials => {
    const s3Client = new aws.sdk.S3({
        credentials,
        region: aws.sdk.config.region,
    });
    s3Client.listBuckets().promise().then(data => {
        console.log(data);
    });
});
Neither of these work for my setup that uses SSO: 
aws.sdk.config.credentials = new aws.sdk.SharedIniFileCredentials({ profile: aws.config.profile });
aws.sdk.config.credentials = new aws.sdk.SsoCredentials({ profile: aws.config.profile });
Alternatively, I can ignore Pulumi's aws sdk, and go all v3, but then I'm managing 2 versions of the SDK among other issues 💀 
import { S3Client, ListBucketsCommand } from "@aws-sdk/client-s3";
import { fromIni } from "@aws-sdk/credential-providers";

const s3Client = new S3Client({
    credentials: fromIni({
        profile: aws.config.profile,
    }),
    region: aws.sdk.config.region,
});
s3Client.send(new ListBucketsCommand({})).then((data) => {
    console.log(data);
});
Related issues I found: 1. https://github.com/pulumi/pulumi-aws/issues/841 2. https://github.com/pulumi/pulumi-aws/issues/1375
Going all in on v3 I don't even need fromIni, I can just set the 
AWS_PROFILE
env var 
const s3Client = new S3Client({
    region: aws.sdk.config.region,
});
s3Client.send(new ListBucketsCommand({})).then((data) => {
    console.log(data);
});
I've gone with the solution that uses 
import { fromIni } from "@aws-sdk/credential-providers";
but otherwise uses aws-sdk v2 from the provider
#awsJoin Slack
Powered by