https://pulumi.com logo
Title
c

cool-vr-43155

01/30/2023, 8:59 AM
Hi Pulumi community, How to login into s3 backend using AWS IAM role? supplying the
pulumi config set aws:assumeRole
configuration doesn't work. related issue - https://github.com/pulumi/pulumi/issues/10316 (closed due to no response)
e

echoing-dinner-19531

01/30/2023, 9:13 AM
backends don't (currently) support explicit configuration. They'll just pull credentials from the standard environment variables like AWS_PROFILE.
c

cool-vr-43155

01/30/2023, 9:15 AM
@echoing-dinner-19531 Thanks for the quick response. is there a workaround that currently people are using?
Because we can't inject aws creds into the pulumi kubernetes operator
e

echoing-dinner-19531

01/30/2023, 9:19 AM
It should be the same set of envvars that aws cli uses (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html). I guess you've got to inject enough credentials to allow the role assumption, but aws creds are not my expertise I'm afraid. I'd take a look at the aws docs linked above, and maybe link to this thread in #aws
c

cool-vr-43155

01/30/2023, 11:52 AM
Thanks @echoing-dinner-19531!, I wrote a watcher pod which will inject aws creds into a kubneretes secret and I'm refrerring that secret in the Stack resource. When the kubernetes secret gets updated will Pulumi operator pull the latest secret?
My problem is we don't have static aws creds, we need to periodically refresh the access creds. Somehow Pulumi operator should get the latest AWS creds
e

echoing-dinner-19531

01/30/2023, 12:33 PM
Oh I don't know, might be worth raising an issue at https://github.com/pulumi/pulumi-kubernetes-operator/issues
c

cool-vr-43155

01/30/2023, 2:05 PM
Okay, Thanks for the help!