{"id":9197,"library":"pulumi-aws-native","title":"Pulumi AWS Native","description":"Pulumi AWS Native, currently at version 1.61.0, is a Python package for defining and managing AWS resources using the AWS Cloud Control API. It provides same-day access to new AWS resources and properties as they become available in Cloud Control. The library maintains a rapid release cadence, often with multiple updates per month, reflecting its close alignment with AWS Cloud Control API updates.","status":"active","version":"1.61.0","language":"en","source_language":"en","source_url":"https://github.com/pulumi/pulumi-aws-native","tags":["aws","pulumi","iac","cloud","cloud-control","infrastructure-as-code"],"install":[{"cmd":"pip install pulumi-aws-native","lang":"bash","label":"Install `pulumi-aws-native`"},{"cmd":"pulumi plugin install resource aws-native 1.61.0","lang":"bash","label":"Install Pulumi Provider Plugin (if not auto-installed)"}],"dependencies":[{"reason":"Core Pulumi SDK is required to define and deploy infrastructure.","package":"pulumi"},{"reason":"Often used alongside `pulumi-aws-native` for comprehensive AWS resource coverage, as `aws-native` covers resources available via AWS Cloud Control API.","package":"pulumi_aws","optional":true}],"imports":[{"note":"Commonly aliased as `aws_native` for brevity and clarity when defining resources.","symbol":"aws_native","correct":"import pulumi_aws_native as aws_native"},{"note":"Importing specific service modules (e.g., S3) can make code cleaner.","symbol":"s3","correct":"import pulumi_aws_native.s3 as s3"}],"quickstart":{"code":"import pulumi\nimport pulumi_aws_native as aws_native\nimport os\n\n# Configure AWS region (e.g., via pulumi config set aws-native:region us-east-1\n# or AWS_REGION environment variable) and AWS credentials.\n# For quickstart, ensure AWS CLI is configured or env vars are set:\n# export AWS_ACCESS_KEY_ID='YOUR_ACCESS_KEY'\n# export AWS_SECRET_ACCESS_KEY='YOUR_SECRET_KEY'\n# export AWS_REGION='us-east-1'\n\n# Create an AWS S3 Bucket\n# Pulumi will automatically assign a unique name if 'my-bucket' is used as the URN part.\n# You can also pass a specific bucket_name property if a fixed name is required (must be globally unique).\nbucket = aws_native.s3.Bucket(\"my-first-aws-native-bucket\",\n    bucket_name=\"my-unique-pulumi-bucket-name-12345\") # Use a unique name for actual deployment\n\n# Export the name of the bucket\npulumi.export(\"bucket_name\", bucket.bucket_name)\n\n# To deploy this, navigate to your project directory in the terminal and run:\n# pulumi up\n","lang":"python","description":"This quickstart program provisions a new S3 bucket using the `pulumi-aws-native` provider. It demonstrates how to import the provider and create a basic AWS resource, then exports the bucket's name. Remember to configure your AWS credentials and region before running `pulumi up`."},"warnings":[{"fix":"Be aware of the name change when consulting documentation or community resources; search for 'AWS Cloud Control Provider' if 'Pulumi AWS Native' doesn't yield results.","message":"The provider was originally named 'AWS Native' but was officially renamed to 'AWS Cloud Control Provider' in March 2024. While the Python package retains `pulumi-aws-native`, official Pulumi documentation often refers to it by its new name.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Evaluate your project's needs. If a resource is well-supported in `pulumi_aws`, prefer it. Use `pulumi-aws-native` when you need a resource that is very new, only available through Cloud Control, or requires specific behaviors exposed by Cloud Control.","message":"For new projects, Pulumi generally recommends starting with the `pulumi_aws` (classic) provider and integrating `pulumi-aws-native` (AWS Cloud Control) for specific resources only available via the Cloud Control API or for same-day feature access. `pulumi-aws-native` is not intended as a direct replacement for `pulumi_aws` but rather as a complement.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Manually inspect `pulumi preview` output carefully after a `refresh`. If unintended resource replacements are planned due to attribute defaults, you might need to manually edit the Pulumi state file or explicitly define the attribute in your code to match the default, preventing a perceived drift.","message":"Performing `pulumi refresh` can sometimes cause `pulumi-aws-native` to add default values for optional attributes to the state, even if they were not explicitly set in your code. This can lead to subsequent `pulumi up` operations attempting to recreate resources if these default attributes are marked as `replaceOnChange`.","severity":"breaking","affected_versions":"All versions"},{"fix":"Ensure your AWS SSO session is active and that environment variables (like `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN`) are correctly exported and refreshed in the shell where `pulumi` commands are run. This can sometimes be a more sensitive area for `aws-native` due to underlying provider differences.","message":"Users integrating with AWS SSO (e.g., via `granted.dev` or `aws-vault`) have reported issues where `pulumi up` with `pulumi-aws-native` fails with `STS: GetCallerIdentity` errors, indicating credential problems, even when the `pulumi_aws` provider works correctly in the same shell session.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Set the Pulumi stack configuration `aws:skipMetadataApiCheck` to `false` (`pulumi config set aws:skipMetadataApiCheck false`) or export the environment variable `export AWS_SKIP_METADATA_API_CHECK=false` to ensure credential detection.","cause":"Pulumi, and its underlying Terraform AWS provider, may not automatically detect IAM instance profile credentials on EC2 instances.","error":"error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found."},{"fix":"Re-authenticate your AWS SSO session using your preferred method (e.g., `aws sso login` or your SSO tool) to refresh credentials and ensure they are active and correctly exported as environment variables (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN`).","cause":"The AWS SSO session or temporary credentials have expired or were not correctly picked up by the `pulumi-aws-native` provider.","error":"error: could not get AWS account ID: operation error STS: GetCallerIdentity, get identity: get credentials: failed to refresh cached credentials, the SSO session has expired or is invalid."},{"fix":"Examine the `pulumi preview` output carefully to identify the specific attribute causing the replacement. If the default value is acceptable, explicitly set that attribute in your Pulumi code. If not, manual state editing might be required, or open an issue with Pulumi for specific resource behavior.","cause":"`pulumi-aws-native` detected a difference in default values for optional attributes in the cloud state versus what's implicitly managed by your code, and these attributes are flagged to cause replacement.","error":"Pulumi wants to recreate a resource after `pulumi refresh` even though my code hasn't changed."}]}