prehistoric-garage-97980
06/26/2023, 12:19 AM
```
const roleToAssumeARN = String(process.env.ROLE_ARN);
const sessionName = String(`"GitLabRunner-${process.env.CI_PROJECT_ID}-${process.env.CI_PIPELINE_ID}"`);
const webIdentityToken = String(process.env.GITLAB_OIDC_TOKEN);
console.log(`Looking at ${roleToAssumeARN} with ${sessionName}`)
const awsProvider = new aws.Provider("privileged", {
    assumeRoleWithWebIdentity: {
        roleArn: roleToAssumeARN,
        sessionName: sessionName,
        webIdentityToken: webIdentityToken,
        duration: "600",
    },
    region: aws.config.requireRegion(),
});
provider = { provider: awsProvider };
...
const contentBucket = new aws.s3.Bucket(`wwwBucket-${currentStack}`, {}, provider);
```
The error
```
pulumi:providers:aws (privileged):
  error: rpc error: code = Unknown desc = unable to validate AWS credentials.
  Details: no valid credential sources for Pulumi AWS Classic found.
  Please see https://www.pulumi.com/registry/packages/aws/installation-configuration/
  for more information about providing credentials.
  AWS Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request canceled, context deadline exceeded
```
This is the nearest hit - https://github.com/pulumi/pulumi-aws/issues/2425
I am able to validate that the token is correct from the CLI using aws sts.