
I am trying to implement the very same strategy, except that I am using Python (with Output.concat):

import pulumi
import pulumi_aws as aws

stack = pulumi.get_stack()

account = aws.organizations.Account(
    f"{stack}-account",
    email="master@example.com",
    role_name=f"{stack}-account-role",
)

provider = aws.Provider(
    f"{stack}-account-provider",
    assume_role={'role_arn': pulumi.Output.concat("arn:aws:iam::", account.id, ":role/", account.role_name)},
)

aws.iam.User("new-iam-user", path='/', opts=pulumi.ResourceOptions(provider=provider))

In my root account, I have created a new IAM user that has administrator access. When using the credentials of that user, I am running into the following error when doing pulumi up:

Diagnostics:
  aws:iam:User (new-iam-user):
    error: unable to validate AWS credentials.
    Details: Assume Role: role ARN not set
    
    Make sure you have:
    
         • Set your AWS region, e.g. `pulumi config set aws:region us-west-2`
         • Configured your AWS credentials as per https://pulumi.io/install/aws.html
         You can also set these via cli using `aws configure`.

Checking the role_name property, I would assume that should work. What am I missing?

Peterhack