AWSx

Pulumi Official
Package maintained by Pulumi
v1.0.0-beta.1 published on Friday, Apr 29, 2022 by Pulumi

Installation

The AWSx provider is available as a package in all Pulumi languages:

Setup

To provision resources with the Pulumi AWSx provider, you need to have AWS credentials. You can use the instructions on if you plan to use AWS credentials from a shared credentials file (which the AWS CLI usually manages for you) or from an environment variable. For other credential options, see the AWS documentation.

Your AWS credentials are never sent to pulumi.com. Pulumi uses the AWS SDK and the credentials in your environment to authenticate requests from your computer to AWS.

Get your credentials

First, make sure you have an IAM user in the AWS console with Programmatic access and ensure it has sufficient permissions to deploy and manage your program’s resources. If you know the precise resource types you wish to create and delete, we recommend restricting your IAM user’s access to just those types.

You’ll also need an AWS access key for your user. There are two parts to each key, which you’ll see in the IAM console after you create it:

  • <YOUR_ACCESS_KEY_ID>: your access key’s ID
  • <YOUR_SECRET_ACCESS_KEY>: your access key’s secret

Create a shared credentials file

A credentials file is a plaintext file on your machine that contains your access keys. The file must be named credentials and is located underneath .aws/ directory in your home directory. We recommend this approach because it supports Amazon’s recommended approach for securely managing multiple roles.

Option 1: Use the CLI

To create this file using the CLI, install the AWS CLI. If you’re using Homebrew on macOS, you can use the community-managed awscli via brew install awscli.

After installing the CLI, configure it with your IAM credentials, typically using the aws configure command. For other configuration options, see the AWS article Configuring the AWS CLI.

$ aws configure
AWS Access Key ID [None]: <YOUR_ACCESS_KEY_ID>
AWS Secret Access Key [None]: <YOUR_SECRET_ACCESS_KEY>
Default region name [None]:
Default output format [None]:

Now you’ve created the ~/.aws/credentials file and populated it with the expected settings.

Option 2: Create by hand

You can also create the shared credentials file by hand. For example:

[default]
aws_access_key_id = <YOUR_ACCESS_KEY_ID>
aws_secret_access_key = <YOUR_SECRET_ACCESS_KEY>

If you want to specify multiple profiles, those are listed in different sections:

[default]
aws_access_key_id = <YOUR_DEFAULT_ACCESS_KEY_ID>
aws_secret_access_key = <YOUR_DEFAULT_SECRET_ACCESS_KEY>
[test-account]
aws_access_key_id = <YOUR_TEST_ACCESS_KEY_ID>
aws_secret_access_key = <YOUR_TEST_SECRET_ACCESS_KEY>
[prod-account]
aws_access_key_id = <YOUR_PROD_ACCESS_KEY_ID>
aws_secret_access_key = <YOUR_PROD_SECRET_ACCESS_KEY>

In this case, you will need to set the AWS_PROFILE environment variable to the name of the profile to use.

Set environment variables

We recommend using a shared credentials file for most development. However, if you need to temporarily override your credentials file, you can use environment variables. You can do this to quickly switch to a different access key or to configure AWS access from within an environment that might not have an AWS CLI, such as a continuous integration/continuous delivery (CI/CD) system.

To authenticate using environment variable, set them in your terminal:

$ export AWS_ACCESS_KEY_ID=<YOUR_ACCESS_KEY_ID>
$ export AWS_SECRET_ACCESS_KEY=<YOUR_SECRET_ACCESS_KEY>
$ export AWS_ACCESS_KEY_ID=<YOUR_ACCESS_KEY_ID>
$ export AWS_SECRET_ACCESS_KEY=<YOUR_SECRET_ACCESS_KEY>
> $env:AWS_ACCESS_KEY_ID = "<YOUR_ACCESS_KEY_ID>"
> $env:AWS_SECRET_ACCESS_KEY = "<YOUR_SECRET_ACCESS_KEY>"

Set up multiple profiles

As an optional step, if you have multiple AWS profiles set up, you can specify a different profile to use with Pulumi through one of the following methods:

  • Set AWS_PROFILE as an environment variable
  • After creating your project, run pulumi config set aws:profile <profilename>

Configuration

The configuration options available for this provider mirror those of the Pulumi AWS Classic Provider