millions-furniture-75402
11/03/2022, 2:26 PMpulumi-aws
classic provider, is there a clean way for me to share credentials to sdk calls that aren't part of a Custom Resource Component?
I can mix an match aws-sdk v3 with the aws-sdk v2 bundled with the provider:
import * as aws from "@pulumi/aws";
import { fromIni } from "@aws-sdk/credential-providers";
fromIni({
profile: aws.config.profile,
})().then(credentials => {
const s3Client = new aws.sdk.S3({
credentials,
region: aws.sdk.config.region,
});
s3Client.listBuckets().promise().then(data => {
console.log(data);
});
});
Neither of these work for my setup that uses SSO:
aws.sdk.config.credentials = new aws.sdk.SharedIniFileCredentials({ profile: aws.config.profile });
aws.sdk.config.credentials = new aws.sdk.SsoCredentials({ profile: aws.config.profile });
Alternatively, I can ignore Pulumi's aws sdk, and go all v3, but then I'm managing 2 versions of the SDK among other issues 💀
import { S3Client, ListBucketsCommand } from "@aws-sdk/client-s3";
import { fromIni } from "@aws-sdk/credential-providers";
const s3Client = new S3Client({
credentials: fromIni({
profile: aws.config.profile,
}),
region: aws.sdk.config.region,
});
s3Client.send(new ListBucketsCommand({})).then((data) => {
console.log(data);
});
AWS_PROFILE
env var
const s3Client = new S3Client({
region: aws.sdk.config.region,
});
s3Client.send(new ListBucketsCommand({})).then((data) => {
console.log(data);
});
import { fromIni } from "@aws-sdk/credential-providers";
but otherwise uses aws-sdk v2 from the provider