This message was deleted.
# aws
s
This message was deleted.
b
@adventurous-egg-60548 does
aws sts get-caller-identity
return a valid arn? what environment variables do you have set?
env | grep AWS_
a
Currently I have SSO set. I am logged in via
aws sso login --profile Geko
~/oyster-setup-aws$ aws sts get-caller-identity
Unable to locate credentials. You can configure credentials by running "aws configure".
b
what about
aws sts get-caller-identity --profile Geko
a
Yes it returns a valid ARN
arnawsiam::*************:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess/Geko I added asterisks where org ID would be Also in the IAM aws console shows last activity for arn around the time I logged in to sso profile
b
okay, set
export AWS_PROFILE=Geko
and then try rerun pulumi
a
Same error occurs: awsec2Vpc (oyster-ap-south-1-vpc): error: unable to validate AWS credentials. Details: no valid credential sources for found. Please see for more information about providing credentials. Error: failed to refresh cached credentials, the SSO session has expired or is invalid: open /home/ubuntu/.aws/sso/cache/ca6b7ecb335b182996968041cb3d515fc456c94e.json: no such file or directory
b
If you set that env var and rerun aws sso login
Also, what’s in your Pulumi stack configuration?
a
debug: Using shared credentials files from configuration: ["/home/ubuntu/.aws/credentials"] debug: Using shared configuration files from configuration: "/home/ubuntu/.aws/config" debug: Using profile from configuration: "Geko" debug: RegisterResource RPC prepared: t=pulumiprovidersaws, name=ap-southeast-2 debug: RegisterResource RPC prepared: t=pulumiprovidersaws, name=ap-east-1 debug: RegisterResourceOutputs RPC prepared: urn=urnpulumiclave:🦪pulumipulumiStack:oyster-clave debug: RegisterResource RPC finished: resourceap south 1[pulumiproviders:aws]; err: null, resp: urnpulumiclave:🦪pulumiprovidersaws:ap-south-1,,region,,,ap-south-1,skipCredentialsValidation,,,false,skipMetadataApiCheck,,,true,skipRegionValidation,,,true,version,,,5.27.0,, debug: RegisterResource RPC prepared: t=awsec2/vpcVpc, name=oyster-ap-south-1-vpc I also get a similar debug message for the remaining AWSEC2VPC resources oyster-eu-central-1-vpc oyster-ca-central-1-vpc oyster-us-east-2-vpc oyster-ap-southeast-2-vpc oyster-us-west-2-vpc oyster-eu-north-1-vpc oyster-eu-west-3-vpc oyster-eu-west-1-vpc oyster-ap-southeast-1-vpc oyster-ap-east-1-vpc
Pulumi.yaml file: name: oyster description: Marlin Oyster runtime: nodejs Pulumi.clave.yaml (stack attempting to deploy) encryptionsaltv1********** Asterisk represents a large string of letter and numbers.
b
there’s no profile set in your
Pulumi.clave.yaml
?
a
I've set the profile numerous times before when attempting to deploy the stack. Doesn't help
Ill try again though
Same error as before with
config:
aws:profile: Geko
set inside yaml file
b
something is clearly amiss 😞 hard to determine what’s going on I’m afraid. you could try https://github.com/jaxxstorm/aws-sso-creds to get a temporary aws access key, secret key and session token from your SSO profile
a
Thanks Jaxx Ill give it a shot, thanks for your time!