hey all, so we're htting an issue with the Pulumi ...
# general
hey all, so we're htting an issue with the Pulumi github action using an
s3 backend/cloud-url
- error :
Copy code
error: problem logging in: read ".pulumi/meta.yaml": blob (key ".pulumi/meta.yaml") (code=Unknown): operation error S3: GetObject, https response error StatusCode: 400, RequestID: 55R5R9SMEKDNKRN1, HostID: E5cGNxG93HUpKxIM1gBo2wNZzKtD3wl3ijYBtwbsIEJFRTzAEeqM++t9QCimWcqhy0RWTtmdL0S3rANAZXrg9w==, api error AuthorizationHeaderMalformed: The authorization header is malformed; a non-empty Access Key (AKID) must be provided in the credential.
It seems that the AWS credentials aren't being recognized in the runtime environment though afaict they are and a preceding
aws s3 ls...
cmd runs sucessfully
- name: Configure AWS development credentials uses: aws-actions/configure-aws-credentials@v2 with: aws-region: ${{ env.AWS_REGION }} role-to-assume: <role> role-session-name: github-actions - run: npm install working-directory: ${{ matrix.project }} - name: Identify available project stacks id: id-project-stacks run: | aws s3 ls --recursive --human-readable pulumi login -v=5 's3://...' echo "stacks=$(pulumi stack ls --cwd ${{ matrix.project }} --json | jq -r '.[].name' | grep -v organization | tr '\n' ' ')" >> "$GITHUB_OUTPUT" - name: Preview project development stack if: ${{ contains(steps.id-project-stacks.outputs.stacks, 'development') }} uses: pulumi/actions@v4.4.0 with: command: preview work-dir: ${{ matrix.project }} stack-name: development cloud-url: s3://... secrets-provider: <awskms://alias/pulumi-state?region=us-east-1&amp;awssdk=v2&amp;profile=production%7C&lt;&gt;secrets-provider>
Might be related to https://github.com/pulumi/pulumi/issues/11482 Both the kms and s3 code uses go.cloud, might be that's not handling assumed roles correctly. Worth raising an issue (and linking to that one above)
ah ok interesting - thanks @echoing-dinner-19531 and will do