You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When running Pulumi in AWS it would be useful to rely on the instance metadata service to provide the AWS Provider with the necessary credentials to run.
I know that #1288 set the default value of aws:skipMetadataApiCheck and other associated configuration variables to true to eliminate the additional wait time that making such calls can take, which makes sense. However, when running in AWS (particularly in a CI/CD situation) it would be convenient to set the value of aws:skipMetadataApiCheck to false globally in the environment, rather than have to set it in every stack (and thus incur the additional network overhead when not running in AWS).
aws:skipMetadataApiCheck happens to be the particular configuration value that I stumbled across today, but other provider configuration values (particularly the ones affected by #1288) may also benefit from being able to be set at the environment level as well.
The text was updated successfully, but these errors were encountered:
In retrospect, I believe one of the reasons that I got tripped up on this was the fact that the documentation on these options (the ones changed in #1288) is misleading: https://www.pulumi.com/docs/reference/pkg/aws/provider/aws:skipMetadataApiCheck isn't documented at all, none of the others tells what the default value is, and the ones that are documented are all phrased in terms that make them seem applicable only for running on non-AWS (but compatible) platforms. Thus, as someone running my Pulumi jobs on real AWS infrastructure (that is, our CI/CD infrastructure is hosted in AWS, and we run Pulumi jobs from there), I assumed that I wouldn't need to be concerned about these values, and that an AWS provider would know how to work on AWS out of the box.
The documentation on https://pypi.org/project/pulumi-aws/ is better, but I only stumbled upon that by accident; I generally look for documentation on the Pulumi website directly. Even the documentation for these options on PyPI, while more complete than what's on the Pulumi site, is still largely talked about in terms of interacting with a non-AWS platforms, and only a careful and thorough reading uncovers the fact that these are disabled by default for performance reasons, and thus are still very relevant for people running Pulumi in AWS.
When running Pulumi in AWS it would be useful to rely on the instance metadata service to provide the AWS Provider with the necessary credentials to run.
I know that #1288 set the default value of
aws:skipMetadataApiCheck
and other associated configuration variables totrue
to eliminate the additional wait time that making such calls can take, which makes sense. However, when running in AWS (particularly in a CI/CD situation) it would be convenient to set the value ofaws:skipMetadataApiCheck
tofalse
globally in the environment, rather than have to set it in every stack (and thus incur the additional network overhead when not running in AWS).aws:skipMetadataApiCheck
happens to be the particular configuration value that I stumbled across today, but other provider configuration values (particularly the ones affected by #1288) may also benefit from being able to be set at the environment level as well.The text was updated successfully, but these errors were encountered: