This message was deleted Pulumi Community #automation-api

Join Slack

This message was deleted.

# automation-api

sparse-intern-71089

11/16/2022, 8:07 AM

This message was deleted.

thousands-engineer-52020

11/16/2022, 10:31 AM

I've found a way to do it, but is there a "default" way instead of using an "explicit" one :

Copy code

assumerole = aws.Provider("aviatrixrole", 
                                region="eu-west-1",
                               assume_role=aws.ProviderAssumeRoleArgs(role_arn="arn:aws:iam::1111111:role/myrole"))

    site_bucket = s3.Bucket("s3-website-bucket", 
                            website=s3.BucketWebsiteArgs(index_document="index.html"), 
                            opts=pulumi.ResourceOptions(provider=assumerole))

brave-planet-10645

11/16/2022, 10:35 AM

There’s an

assumeRole

config setting you can use for default providers: https://www.pulumi.com/registry/packages/aws/installation-configuration/#configuration-options

thousands-engineer-52020

11/16/2022, 10:42 AM

this

stack.set_config("assumeRole.roleArn", auto.ConfigValue(value="arn:aws:iam::11111:role/myrole"))

doesn't work either. It still create my S3 bucket on my current account

brave-planet-10645

11/16/2022, 10:45 AM

it needs to be

stack.set_config("aws:assumeRole.roleArn", auto.ConfigValue(value="arn:aws:iam::11111:role/myrole"))

(note the

aws

in front of the

assumeRole

)

thousands-engineer-52020

11/16/2022, 10:50 AM

You're right. Strange, because pulumi generate errors :

Copy code

pulumi:pulumi:Stack inline_s3_project-dev running
    aws:s3:Bucket s3-website-bucket  error: could not validate provider configuration: 1 error occurred:
    pulumi:pulumi:Stack inline_s3_project-dev
    aws:s3:Bucket s3-website-bucket **failed** 1 error

Diagnostics:
  aws:s3:Bucket (s3-website-bucket):
    error: could not validate provider configuration: 1 error occurred:
    	* Invalid or unknown key

brave-planet-10645

11/16/2022, 10:51 AM

is that what you’re getting with the

aws

in front?

thousands-engineer-52020

11/16/2022, 10:52 AM

Yes

thousands-engineer-52020

11/16/2022, 10:53 AM

Without

stack.set_config("aws:assumeRole.roleArn", auto.ConfigValue(value="arn:aws:iam::11111768:role/myrole"))

it work great (but not on the proper account)

brave-planet-10645

11/16/2022, 11:09 AM

I think you might need to set the

externalId

and the

sessionId

names in the config as well if you’re using assumeRole (not 100% sure on this, but worth a try) - that might be why you’re getting that error).

brave-planet-10645

11/16/2022, 11:09 AM

Without
stack.set_config("aws:assumeRole.roleArn", auto.ConfigValue(value="arn:aws:iam::11111768:role/myrole"))
it work great (but not on the proper account)

This is because the provider is ignoring the setting

brave-planet-10645

11/16/2022, 11:09 AM

it’s not actually using the role at all

thousands-engineer-52020

11/16/2022, 2:15 PM

@brave-planet-10645 it's expected or a bug ?

brave-planet-10645

11/16/2022, 2:16 PM

what, for the default provider to ignore it without the

aws

at the beginning? It’s expected: https://www.pulumi.com/docs/intro/concepts/config/#configuration-keys

thousands-engineer-52020

11/16/2022, 2:50 PM

I've set the

aws:

in prefix, but pulumi crash when I set this config value

ambitious-rocket-23091

11/16/2022, 7:52 PM

Copy code

stack.set_config(
            "aws:assumeRole",
            auto.ConfigValue(
                json.dumps(
                    {
                        "roleArn": "arn:aws:iam::11111111111:role/myrole",
                        "sessionName": "session-assume-myrole",
                    }
                )
            ),
        )

I can't remember where I found this, but I did it this way and it worked.

520 Views

Open in Slack

Previous Next