# aws
I previously had awskms secrets providers working, but today they suddenly stopped working (I'm sure due to something I changed), and I haven't been able to figure it out. Even though I am specifying `profile=<profile name>&awssdk=v2` in the query parameters, it is falling back to IMDS to try to authenticate, resulting in:
```
error: constructing secrets manager of type "cloud": secrets (code=Unknown): operation error KMS: Decrypt, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, access disabled to EC2 IMDS via client option, or "AWS_EC2_METADATA_DISABLED" environment variable
```
I've triple-checked that the profile name matches, made sure that I'm logged in through the AWS CLI, reinstalled Pulumi, and reinstalled the AWS CLI. If I call `aws kms decrypt --ciphertext-blob <the blob> --profile=<profile name>`, it works as expected. I'm not really sure what else to check at this point, but I'm getting fairly desperate to reach my infra.
Adding more confusion, `pulumi config --show-secrets` works but `pulumi up` fails with the same message as above.
This also only applies to some stacks (even within the same project) that have identical secretsproviders...
Ah, I didn't realize the previous provider was serialized into the stack 🤦