---
title: pulumi env provider aws-login static | CLI commands
url: /docs/iac/cli/commands/pulumi_env_provider_aws-login_static/
---

Add an AWS static-credentials login provider to an environment

## Synopsis

[EXPERIMENTAL] Add an AWS static-credentials login provider to an environment

Writes an `fn::open::aws-login` block with static credentials at the configured
path under `values`. The secret access key and session token, if any, are
wrapped in `fn::secret`. If a block already exists at the path it is replaced.

See https://www.pulumi.com/docs/esc/providers/login/aws-login/
for the full provider reference.

```
pulumi env provider aws-login static [<org>/][/]<environment-name>  <secret-access-key> [flags]
```

## Options

```
      --create                 create the environment if it does not already exist
      --draft string[="new"]   set flag without a value (--draft) to create a draft rather than saving changes directly. --draft=<change-request-id> to update an existing change request.
  -h, --help                   help for static
      --path values            property path under values where the provider block is written (default "aws.login")
      --session-token string   optional AWS session token
```

## Options inherited from parent commands

```
      --color string                 Colorize output. Choices are: always, never, raw, auto (default "auto")
  -C, --cwd string                   Run pulumi as if it had been started in another directory
      --disable-integrity-checking   Disable integrity checking of checkpoint files
  -e, --emoji                        Enable emojis in the output
      --env string                   The name of the environment to operate on.
  -Q, --fully-qualify-stack-names    Show fully-qualified stack names
      --logflow                      Flow log settings to child processes (like plugins)
      --logtostderr                  Log to stderr instead of to files
      --memprofilerate int           Enable more precise (and expensive) memory allocation profiles by setting runtime.MemProfileRate
      --non-interactive              Disable interactive mode for all commands
      --otel-traces string           Export OpenTelemetry traces to the specified endpoint. Use file:// for local JSON files, grpc:// for remote collectors
      --profiling string             Emit CPU and memory profiles and an execution trace to '[filename].[pid].{cpu,mem,trace}', respectively
      --tracing file:                Emit tracing to the specified endpoint. Use the file: scheme to write tracing data to a local file
  -v, --verbose int                  Enable verbose logging (e.g., v=3); anything >3 is very verbose
```

## SEE ALSO

* [pulumi env provider aws-login](/docs/iac/cli/commands/pulumi_env_provider_aws-login/)	 - Add an AWS login provider to an environment