diff --git a/.github/workflows/pulumi-aws.yml b/.github/workflows/pulumi-aws.yml
index 6352615a..2619aa00 100644
--- a/.github/workflows/pulumi-aws.yml
+++ b/.github/workflows/pulumi-aws.yml
@@ -13,6 +13,7 @@ env:
   AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }} 
   AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_KEY }} 
   PULUMI_DISABLE_CI_DETECTION: true
+  PULUMI_CONFIG_PASSPHRASE: ${{ secrets.PULUMI_PASS }}
 
 jobs:
   build:
@@ -25,33 +26,30 @@ jobs:
         shell: bash
         working-directory: ./aws
         run: |
-          KEY=`env | grep AWS` && $KEY > /tmp/token
-          cat /tmp/token
           curl -fsSL https://get.pulumi.com | sh
           pip3 install -r requirements.txt
 
-      - name: config pulumi backend
+      - name: login state backend
         shell: bash
         working-directory: ./aws
         run: |
           pulumi login s3://pulumi-aws-dev
 
-      - name: create cloud resource
+      - name: create resource
         shell: bash
         working-directory: ./aws
         run: |
-          pulumi stack init dev
           pulumi stack select dev
           pulumi up --yes
 
-      - name: create cloud resource
+      - name: show pulumi output
         shell: bash
         working-directory: ./aws
         run: |
           pulumi refresh
           pulumi stack output bucket_name
 
-      - name: create cloud resource
+      - name: destroy resource
         shell: bash
         working-directory: ./aws
         run: |
diff --git a/aws/Pulumi.dev.yaml b/aws/Pulumi.dev.yaml
index ec0516d3..146f6173 100644
--- a/aws/Pulumi.dev.yaml
+++ b/aws/Pulumi.dev.yaml
@@ -1,3 +1 @@
-encryptionsalt: v1:B5hZqsz/aHM=:v1:k+mLpl80gIP+cSGs:WTTMtVgfv7ZnGQPUGRHgtCiKT6hWCA==
-config:
-  aws:region: ap-east-1
+encryptionsalt: v1:10lhWEkvx+M=:v1:07s+CVFTndFfRF1u:k5l4axBI8gCJ/XXbykHRa8VEozTolg==