Hi I’m trying to understand the issue reported by this error message pulumiprovidersaws (default): error: rpc error: code = Unknown desc = unable to validate AWS credentials. Details: validating provider credentials: retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 0, RequestID: , request send failed, Post “https://sts.eu-west-1.amazonaws.com/”: dial tcp: lookup sts.eu-west-1.amazonaws.com on [20018a07b3ff5001]53: no such host Make sure you have set your AWS region, e.g.

pulumi config set aws:region us-west-2

. This is result of pulumi up --debug Context: The environment variables for AWS are set, and ‘aws s3 ls’ returns the list of buckets. The stack is selected. Can someone point me to the right direction on this? Thanks in advance

Are you creating an explicit provider (

new aws.Provider

in TS) instead of using the default?

No.

Ah, "no such host"... hmm. What happens if you try to curl that URL?

Open AWS page

Yeah, I'm seeing the same.

Not sure if pulumi does any kind of test but if I run pulumi login against the s3 bucket is goes successful …

OH

I’m trying to, yes

You shouldn't have to store your state file in S3 unless you want to. Pulumi should never give you an AWS-related message that is not related to the program itself unless you're using AWS for secrets or state file storage.

Sorry, I’m a little bit lost here, (also a new to pulumi), from my understand the sts phase if for allowing the deploy of the stack into the provider, so why secrets here, unless I’ve had enable some feature within pulumi without knowing

STS would never get hit if you were using Pulumi Cloud as your backend and were not creating AWS resources.

Can I delete the state file from the bucket and make a recovery with the resource already created?

You should be able to recreate any resources using

pulumi import

if you delete your state file, but you should delete your state file only as a last resort. If possible tear down the stack (

pulumi destroy

) rather than deleting the state file.

I can go back and import the state file into pulumi cloud again, if that’s the problem…. but that was my previous setup when this messages started to popup and preventing the deploy of resources

If you're learning Pulumi, it's best to stick with Pulumi Cloud as your backend. It's free for individual use forever, and it's easier than managing state file or secrets yourself.

And since that fails, the rest will fail also

Yeah, accounts in AWS do not play so well with IaC because they can't be deleted in the same way. I recommend that you create AWS accounts outside of Pulumi (or any other IaC tool) and then use creds for the new account to mange resources.

ok

Hi guys, I'm facing the same issue but I don't have the option of moving my state fi;es to Pulumi Cloud. could you guys guide me? I did not understand why the error is be thrown. Also, one of my resources uses the

getCallerIdentity

method which fails, so even if I set the

skipCredentialsValidation

flag it keeps throwing the error