Skip to content
/ pulumi-oidc-example Public

Create resources with pulumi automation api assuming role from AWS using OIDC

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sibiraj-s/pulumi-oidc-example

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
.github/workflows
.github/workflows
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
backend.go
backend.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
sample.env
sample.env
 
 
utils.go
utils.go
 
 

Repository files navigation

Pulumi OIDC Example

This is an example of how to use OIDC with Pulumi automation api to assume a role in AWS and create resources.

Prerequisites

  • Go (check the go version in the go.mod file)
  • Pulumi v3.183.0+

Create resources

Export ROLE_ARN and OIDC_TOKEN as environment variables and run the program.

Note

In real world, the token would be fetched from the OIDC provider dynamically. For testing, we are just using a static token.

export ROLE_ARN="arn:aws:iam::123456789012:role/TestRole"
export OIDC_TOKEN="eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...."
go run .

This will create an S3 bucket in the AWS account by assuming the role using the provided OIDC token.

Destroy resources

To destroy the resources, run the program with the destroy flag.

go run . destroy

This will destroy the resources created by the program and remove the stack.

About

Create resources with pulumi automation api assuming role from AWS using OIDC

Topics

aws oidc pulumi pulumi-aws pulumi-go pulumi-automation-sdk

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Sponsor this project

 
Learn more about GitHub Sponsors

Contributors 2

  •  
  •  

Languages