1. Packages
  2. AWSx (Pulumi Crosswalk for AWS)
  3. Installation & Configuration
AWSx (Pulumi Crosswalk for AWS) v2.13.0 published on Tuesday, Jul 2, 2024 by Pulumi

AWSx (Pulumi Crosswalk for AWS): Installation & Configuration

awsx logo
AWSx (Pulumi Crosswalk for AWS) v2.13.0 published on Tuesday, Jul 2, 2024 by Pulumi

    If you do not already have an AWS account, you can create a free AWS account. Most resources in our examples fall within the AWS Free Tier, but we encourage you to follow the cleanup steps at the end of each section to avoid paying for resources you aren't using.


    The AWSx provider is available as a package in all Pulumi languages:


    To provision resources with the Pulumi AWSx provider, you need to have AWS credentials. You can use the instructions on if you plan to use AWS credentials from a shared credentials file (which the AWS CLI usually manages for you) or from an environment variable. For other credential options, see the AWS documentation.

    Your AWS credentials are never sent to pulumi.com. Pulumi uses the AWS SDK and the credentials in your environment to authenticate requests from your computer to AWS.

    Get your credentials

    First, make sure you have an IAM user in the AWS console with Programmatic access and ensure it has sufficient permissions to deploy and manage your program’s resources. If you know the precise resource types you wish to create and delete, we recommend restricting your IAM user’s access to just those types.

    You’ll also need an AWS access key for your user. There are two parts to each key, which you’ll see in the IAM console after you create it:

    • <YOUR_ACCESS_KEY_ID>: your access key’s ID
    • <YOUR_SECRET_ACCESS_KEY>: your access key’s secret
    If you are using temporary security credentials, you will also have to supply an AWS_SESSION_TOKEN value before you can use Pulumi to create resources on your behalf.

    Create a shared credentials file

    A credentials file is a plaintext file on your machine that contains your access keys. The file must be named credentials and is located underneath .aws/ directory in your home directory. We recommend this approach because it supports Amazon’s recommended approach for securely managing multiple roles.

    Option 1: Use the CLI

    To create this file using the CLI, install the AWS CLI. If you’re using Homebrew on macOS, you can use the community-managed awscli via brew install awscli.

    After installing the CLI, configure it with your IAM credentials, typically using the aws configure command. For other configuration options, see the AWS article Configuring the AWS CLI.

    $ aws configure
    AWS Access Key ID [None]: <YOUR_ACCESS_KEY_ID>
    AWS Secret Access Key [None]: <YOUR_SECRET_ACCESS_KEY>
    Default region name [None]:
    Default output format [None]:

    Now you’ve created the ~/.aws/credentials file and populated it with the expected settings.

    Option 2: Create by hand

    You can also create the shared credentials file by hand. For example:

    aws_access_key_id = <YOUR_ACCESS_KEY_ID>
    aws_secret_access_key = <YOUR_SECRET_ACCESS_KEY>

    If you want to specify multiple profiles, those are listed in different sections:

    aws_access_key_id = <YOUR_DEFAULT_ACCESS_KEY_ID>
    aws_secret_access_key = <YOUR_DEFAULT_SECRET_ACCESS_KEY>
    aws_access_key_id = <YOUR_TEST_ACCESS_KEY_ID>
    aws_secret_access_key = <YOUR_TEST_SECRET_ACCESS_KEY>
    aws_access_key_id = <YOUR_PROD_ACCESS_KEY_ID>
    aws_secret_access_key = <YOUR_PROD_SECRET_ACCESS_KEY>

    In this case, you will need to set the AWS_PROFILE environment variable to the name of the profile to use.

    Set environment variables

    We recommend using a shared credentials file for most development. However, if you need to temporarily override your credentials file, you can use environment variables. You can do this to quickly switch to a different access key or to configure AWS access from within an environment that might not have an AWS CLI, such as a continuous integration/continuous delivery (CI/CD) system.

    To authenticate using environment variable, set them in your terminal:


    Set up multiple profiles

    As an optional step, if you have multiple AWS profiles set up, you can specify a different profile to use with Pulumi through one of the following methods:

    • Set AWS_PROFILE as an environment variable
    • After creating your project, run pulumi config set aws:profile <profilename>


    The configuration options available for this provider mirror those of the Pulumi AWS Classic Provider

    awsx logo
    AWSx (Pulumi Crosswalk for AWS) v2.13.0 published on Tuesday, Jul 2, 2024 by Pulumi