I want to make sure that we’re running commands on...
# general
m
I want to make sure that we’re running commands on a stack against the correct AWS account. My first approach is to use
aws.getCallerIdentity({})
to get the accountId and compare it, but that’s not possible:
Copy code
const accountId = await aws.getCallerIdentity({}).then(current => current.accountId);

if((pulumi.getStack() == "prod" && accountId != "512302493601") || (pulumi.getStack() != "prod" && accountId != "497659568814")) {
  process.exit(1);
}
(
await
can only be used against an async function). I also tried
await aws.getCallerIdentity({})
and got the same result. Any suggestions? I want to add a little safeguard so we don’t inadvertently run stack commands against the wrong account.
f
AWS provider option include an allowed and blocked list of account IDs
m
awesome, this does the trick:
Copy code
config:
  aws:allowed_account_ids:
    - 512302493601
thank you so much!
f
👍