No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi, I’m defining all providers dynamically. On our local laptops we want to utilise AWS Profiles (via SSO). In our CI/CD pipeline (thinking about using the Kubernetes Operator for GitOps) we want to use role assumption. Anyone got any pointers in how to make the difference in a good way? Because I think all the provider settings are always stored in the state and it would mean it the state would always “bounce” between profile and a role arn which would pollute the activity

We use SSO profiles locally and role assumption in our CI (GitLab CI). We don't have any issues with the activity pollution you mention in most of our apps, however there have been a couple where we dynamically create providers and that did cause pollution in the activity due to profile changes. To remedy this we added `ignoreChanges: [‘profile’]` to the provider resource we were creating. 

Hope this helps? 

We do something similar but our solution is to do the role assumption in ~/.AWS/config profiles. So long as our ultimate profiles have the same name in both cases, our source can be used unchanged.

Thanks both! Ill try both out later on :slightly_smiling_face: