FYI for the solution - as this is not clearly documented anywhere, it took a while for us to try and make this work with Pulumi Automation API - The credentials (key/secrets) can be passed using the kubeconfig as listed below using the env block and the command uses the env parameters. (As AWS CLI doesnt allow to pass the access/secret directly on the CLI). we will now try to make this work using sts tokens and certificates next and avoid passing creds this way.----
users:
- name: arn
awseks
us west 1xxxxx:cluster/eks-clu01a
user:
exec:
apiVersion:
client.authentication.k8s.io/v1beta1
args:
- --region
- us-west-1
- eks
- get-token
- --cluster-name
- eks-clu01a
command: aws
env:
- name: "AWS_ACCESS_KEY_ID"
value: "XXXXXXXX"
- name: "AWS_SECRET_ACCESS_KEY"
value: "XXXXXXXXXXXXXX"