Hi I’m trying to understand the issue reported by ...
# getting-started
Hi I’m trying to understand the issue reported by this error message pulumiprovidersaws (default): error: rpc error: code = Unknown desc = unable to validate AWS credentials. Details: validating provider credentials: retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 0, RequestID: , request send failed, Post “https://sts.eu-west-1.amazonaws.com/”: dial tcp: lookup sts.eu-west-1.amazonaws.com on [20018a07b3ff5001]53: no such host Make sure you have set your AWS region, e.g.
pulumi config set aws:region us-west-2
. This is result of pulumi up --debug Context: The environment variables for AWS are set, and ‘aws s3 ls’ returns the list of buckets. The stack is selected. Can someone point me to the right direction on this? Thanks in advance
Are you creating an explicit provider (
new aws.Provider
in TS) instead of using the default?
This is quite strange, the change of behaviour was from one day to another, the operation that is giving me this error is pulumi up
The same with pulumi refresh
Ah, "no such host"... hmm. What happens if you try to curl that URL?
Open AWS page
Yeah, I'm seeing the same.
Not sure if pulumi does any kind of test but if I run pulumi login against the s3 bucket is goes successful …
Are you using S3 to store your state file?
I’m trying to, yes
but this situation was also happening with pulumi cloud as a backend
That’s why I’ve moved to S3
You shouldn't have to store your state file in S3 unless you want to. Pulumi should never give you an AWS-related message that is not related to the program itself unless you're using AWS for secrets or state file storage.
Sorry, I’m a little bit lost here, (also a new to pulumi), from my understand the sts phase if for allowing the deploy of the stack into the provider, so why secrets here, unless I’ve had enable some feature within pulumi without knowing
If is for fetching the state file, then the export and import did not went well…
STS would never get hit if you were using Pulumi Cloud as your backend and were not creating AWS resources.
Can I delete the state file from the bucket and make a recovery with the resource already created?
You should be able to recreate any resources using
pulumi import
if you delete your state file, but you should delete your state file only as a last resort. If possible tear down the stack (
pulumi destroy
) rather than deleting the state file.
I can go back and import the state file into pulumi cloud again, if that’s the problem…. but that was my previous setup when this messages started to popup and preventing the deploy of resources
Yeah, more or less, one of the resources that I built was an member account of the organization, and deleting that is a mess in AWS!
If you're learning Pulumi, it's best to stick with Pulumi Cloud as your backend. It's free for individual use forever, and it's easier than managing state file or secrets yourself.
And since that fails, the rest will fail also
I understand that point, but having the state file out of a controlled environment is hard to sell to security …
Yeah, accounts in AWS do not play so well with IaC because they can't be deleted in the same way. I recommend that you create AWS accounts outside of Pulumi (or any other IaC tool) and then use creds for the new account to mange resources.
Pulumi is SOC2 compliant for what it's worth, but as long as you're learning how to use Pulumi on your own and it's ok with your organization, use Pulumi Cloud just to get comfortable with writing Pulumi programs. When you're looking at organizational adoption, then try using S3/KMS for statefile/secrets.
Thank for the help! Awesome
Hi guys, I'm facing the same issue but I don't have the option of moving my state fi;es to Pulumi Cloud. could you guys guide me? I did not understand why the error is be thrown. Also, one of my resources uses the
method which fails, so even if I set the
flag it keeps throwing the error