Thread
#getting-started
    f

    future-exabyte-15821

    2 months ago
    Hi, I’m defining all providers dynamically. On our local laptops we want to utilise AWS Profiles (via SSO). In our CI/CD pipeline (thinking about using the Kubernetes Operator for GitOps) we want to use role assumption. Anyone got any pointers in how to make the difference in a good way? Because I think all the provider settings are always stored in the state and it would mean it the state would always “bounce” between profile and a role arn which would pollute the activity
    v

    victorious-church-57397

    2 months ago
    We use SSO profiles locally and role assumption in our CI (GitLab CI). We don't have any issues with the activity pollution you mention in most of our apps, however there have been a couple where we dynamically create providers and that did cause pollution in the activity due to profile changes. To remedy this we added
    ignoreChanges: [‘profile’]
    to the provider resource we were creating. Hope this helps?
    l

    little-cartoon-10569

    2 months ago
    We do something similar but our solution is to do the role assumption in ~/.AWS/config profiles. So long as our ultimate profiles have the same name in both cases, our source can be used unchanged.
    f

    future-exabyte-15821

    2 months ago
    Thanks both! Ill try both out later on 🙂