This message was deleted.
# awss
sparse-intern-71089
04/11/2023, 1:59 PMThis message was deleted.
b
billowy-army-68599
04/11/2023, 2:04 PM
@adventurous-egg-60548 does
aws sts get-caller-identityenv | grep AWS_a
adventurous-egg-60548
04/11/2023, 2:18 PMCurrently I have SSO set. I am logged in via
aws sso login --profile Gekoadventurous-egg-60548
04/11/2023, 2:19 PM~/oyster-setup-aws$ aws sts get-caller-identityb
billowy-army-68599
04/11/2023, 2:42 PM
what about
aws sts get-caller-identity --profile Gekoa
adventurous-egg-60548
04/11/2023, 2:44 PMYes it returns a valid ARN
adventurous-egg-60548
04/11/2023, 2:48 PMarnawsiam::*************:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess/Geko
I added asterisks where org ID would be
Also in the IAM aws console shows last activity for arn around the time I logged in to sso profile
b
billowy-army-68599
04/11/2023, 3:00 PM
okay, set
export AWS_PROFILE=Gekoa
adventurous-egg-60548
04/11/2023, 3:04 PMSame error occurs:
awsec2Vpc (oyster-ap-south-1-vpc):
error: unable to validate AWS credentials.
Details: no valid credential sources for found.
Please see
for more information about providing credentials.
Error: failed to refresh cached credentials, the SSO session has expired or is invalid: open /home/ubuntu/.aws/sso/cache/ca6b7ecb335b182996968041cb3d515fc456c94e.json: no such file or directory
b
billowy-army-68599
04/11/2023, 3:17 PM
If you set that env var and rerun aws sso login
billowy-army-68599
04/11/2023, 3:17 PM
Also, what’s in your Pulumi stack configuration?
a
adventurous-egg-60548
04/11/2023, 3:22 PMdebug: Using shared credentials files from configuration: ["/home/ubuntu/.aws/credentials"]
debug: Using shared configuration files from configuration: "/home/ubuntu/.aws/config"
debug: Using profile from configuration: "Geko"
debug: RegisterResource RPC prepared: t=pulumiprovidersaws, name=ap-southeast-2
debug: RegisterResource RPC prepared: t=pulumiprovidersaws, name=ap-east-1
debug: RegisterResourceOutputs RPC prepared: urn=urnpulumiclave:🦪pulumipulumiStack:oyster-clave
debug: RegisterResource RPC finished: resourceap south 1[pulumiproviders:aws]; err: null, resp: urnpulumiclave:🦪pulumiprovidersaws:ap-south-1,,region,,,ap-south-1,skipCredentialsValidation,,,false,skipMetadataApiCheck,,,true,skipRegionValidation,,,true,version,,,5.27.0,,
debug: RegisterResource RPC prepared: t=awsec2/vpcVpc, name=oyster-ap-south-1-vpc
I also get a similar debug message for the remaining AWSEC2VPC resources
oyster-eu-central-1-vpc
oyster-ca-central-1-vpc
oyster-us-east-2-vpc
oyster-ap-southeast-2-vpc
oyster-us-west-2-vpc
oyster-eu-north-1-vpc
oyster-eu-west-3-vpc
oyster-eu-west-1-vpc
oyster-ap-southeast-1-vpc
oyster-ap-east-1-vpc
adventurous-egg-60548
04/11/2023, 3:25 PMPulumi.yaml file:
name: oyster
description: Marlin Oyster
runtime: nodejs
Pulumi.clave.yaml (stack attempting to deploy)
encryptionsaltv1**********
Asterisk represents a large string of letter and numbers.
b
billowy-army-68599
04/11/2023, 3:25 PM
there’s no profile set in your
Pulumi.clave.yamla
adventurous-egg-60548
04/11/2023, 3:26 PMI've set the profile numerous times before when attempting to deploy the stack. Doesn't help
adventurous-egg-60548
04/11/2023, 3:27 PMIll try again though
adventurous-egg-60548
04/11/2023, 3:28 PMSame error as before with
config:aws:profile: Gekob
billowy-army-68599
04/11/2023, 3:41 PM
something is clearly amiss 😞 hard to determine what’s going on I’m afraid. you could try https://github.com/jaxxstorm/aws-sso-creds to get a temporary aws access key, secret key and session token from your SSO profile
a
adventurous-egg-60548
04/11/2023, 3:46 PMThanks Jaxx Ill give it a shot, thanks for your time!
2 Views