sparse-intern-71089
04/20/2023, 9:47 PMcurved-kitchen-24115
04/20/2023, 9:49 PMpulumi up
and pulumi down
, without error - so in that regard this seems to be spurious.
However the message is also popping up in our github actions CI/CD flow (using pulumi/actions@v4) and there we’re seeing more permissions related issues - so I’m trying to nail down what the cause may be.little-cartoon-10569
04/20/2023, 9:56 PMlittle-cartoon-10569
04/20/2023, 9:58 PMpulumi up
with no profile set, it'll presumably use the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, and if they're available in multiple environments, it'll work.little-cartoon-10569
04/20/2023, 9:58 PMcurved-kitchen-24115
04/20/2023, 9:58 PMcurved-kitchen-24115
04/20/2023, 9:58 PMlittle-cartoon-10569
04/20/2023, 9:59 PMup
, Pulumi will create an AWS provider object and serialize that in your stack. That will include the credentials or auth method. If there's no details saved in there, it'll fall back to no-creds each time, which seems to be what you're expecting. But if there are creds saved in there (such as the value of the AWS profile), then it'll keep using them.little-cartoon-10569
04/20/2023, 10:00 PMlittle-cartoon-10569
04/20/2023, 10:00 PMpulumi stack export --file stack.json
will create an export, then you can view it in your favourite JSON viewer and look for the AWS provider.curved-kitchen-24115
04/20/2023, 10:01 PMwhich seems to be what you’re expectingcorrect. Is there a way to change this?
little-cartoon-10569
04/20/2023, 10:01 PMlittle-cartoon-10569
04/20/2023, 10:02 PMlittle-cartoon-10569
04/20/2023, 10:03 PMlittle-cartoon-10569
04/20/2023, 10:03 PMlittle-cartoon-10569
04/20/2023, 10:03 PMpulumi down
first, then making the changes. This will be easiest.little-cartoon-10569
04/20/2023, 10:04 PMcurved-kitchen-24115
04/20/2023, 10:04 PMlittle-cartoon-10569
04/20/2023, 10:04 PMcurved-kitchen-24115
04/20/2023, 10:04 PM{
"urn": "urn:pulumi:software::eks::pulumi:providers:aws::default_5_35_0",
"custom": true,
"id": "a5516725-ff11-4fed-a721-770cbb09b1ab",
"type": "pulumi:providers:aws",
"inputs": {
"region": "us-east-1",
"version": "5.35.0"
},
"outputs": {
"region": "us-east-1",
"version": "5.35.0"
},
// ... snip ...
{
"urn": "urn:pulumi:software::eks::pulumi:providers:aws::default_5_16_2",
"custom": true,
"id": "383a4162-ae02-4537-8e19-4a46bd2baaf3",
"type": "pulumi:providers:aws",
"inputs": {
"region": "us-east-1",
"version": "5.16.2"
},
"outputs": {
"region": "us-east-1",
"version": "5.16.2"
},
"created": "2023-04-03T17:01:29.852016463Z",
"modified": "2023-04-03T17:01:29.852016463Z"
},
little-cartoon-10569
04/20/2023, 10:05 PMlittle-cartoon-10569
04/20/2023, 10:05 PMcurved-kitchen-24115
04/20/2023, 10:05 PMcurved-kitchen-24115
04/20/2023, 10:06 PMcurved-kitchen-24115
04/20/2023, 10:07 PMlittle-cartoon-10569
04/20/2023, 10:07 PMcurved-kitchen-24115
04/20/2023, 10:08 PM@pulumi/eks
(typescript) does this on our behalf 😕little-cartoon-10569
04/20/2023, 10:08 PMcurved-kitchen-24115
04/20/2023, 10:09 PMlittle-cartoon-10569
04/20/2023, 10:09 PMlittle-cartoon-10569
04/20/2023, 10:09 PMcurved-kitchen-24115
04/20/2023, 10:09 PMlittle-cartoon-10569
04/20/2023, 10:09 PMcurved-kitchen-24115
04/20/2023, 10:10 PMcurved-kitchen-24115
04/20/2023, 10:10 PMcurved-kitchen-24115
04/20/2023, 10:11 PMlittle-cartoon-10569
04/20/2023, 10:11 PMcurved-kitchen-24115
04/20/2023, 10:22 PMcurved-kitchen-24115
04/20/2023, 10:23 PM@pulumi/eks
package has an output of kubeconfig; it will record any environment variables that pulumi is called with. So by re-running it without AWS_PROFILE=admin
the output no longer records that env var.