# typescript


06/26/2023, 12:19 AM
How do I use assumeRoleWithWebIdentity to set up and access resources on AWS?
```typescript
import * as aws from "@pulumi/aws";

// Values injected by the GitLab CI job.
const roleToAssumeARN = String(process.env.ROLE_ARN);
const sessionName = String(`"GitLabRunner-${process.env.CI_PROJECT_ID}-${process.env.CI_PIPELINE_ID}"`);
const webIdentityToken = String(process.env.GITLAB_OIDC_TOKEN);

console.log(`Looking at ${roleToAssumeARN} with ${sessionName}`);

// Explicit provider that exchanges the GitLab OIDC token for role credentials.
const awsProvider = new aws.Provider("privileged", {
    assumeRoleWithWebIdentity: {
        roleArn: roleToAssumeARN,
        sessionName: sessionName,
        webIdentityToken: webIdentityToken,
        duration: "600",
    },
    region: aws.config.requireRegion(),
});
const provider = { provider: awsProvider };

// currentStack is defined elsewhere in the program.
const contentBucket = new aws.s3.Bucket(`wwwBucket-${currentStack}`, {}, provider);
```
The error
```
pulumi:providers:aws (privileged):
    error: rpc error: code = Unknown desc = unable to validate AWS credentials.
    Details: no valid credential sources for Pulumi AWS Classic found.
    Please see <>
    for more information about providing credentials.
    AWS Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request canceled, context deadline exceeded
```
This is the nearest hit - I am able to validate that the token is correct from the CLI using aws sts.
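
As an added example (not part of the original post, and not Pulumi or AWS code), the following pre-flight check tests the four values handed to `assumeRoleWithWebIdentity` against the limits in the STS API reference before the provider is created. The type and function names are hypothetical, the sample values are constructed, and the Go-style duration format for `duration` is an assumption.

```typescript
// Added example. Hypothetical names: WebIdentityArgs, durationSeconds, checkWebIdentityArgs.
interface WebIdentityArgs { roleArn: string; sessionName: string; webIdentityToken: string; duration: string; }

// Assumption: duration is a Go-style string such as "15m" or "1h30m"; undefined if it has no unit.
function durationSeconds(d: string): number | undefined {
  if (!/^(\d+[smh])+$/.test(d)) return undefined;
  const re = /(\d+)([smh])/g;
  let total = 0;
  let m: RegExpExecArray | null;
  while ((m = re.exec(d)) !== null) {
    total += Number(m[1]) * (m[2] === "h" ? 3600 : m[2] === "m" ? 60 : 1);
  }
  return total;
}

function checkWebIdentityArgs(a: WebIdentityArgs): string[] {
  const problems: string[] = [];
  // String(process.env.X) turns an unset variable into the text "undefined".
  const unset = (v: string): boolean => v === "" || v === "undefined";

  if (unset(a.roleArn)) problems.push("roleArn: unset");
  else if (!/^arn:aws[a-z-]*:iam::\d{12}:role\/.+$/.test(a.roleArn)) problems.push("roleArn: not an IAM role ARN");

  // STS RoleSessionName: 2-64 characters from [\w+=,.@-]; quotes and spaces are rejected.
  if (unset(a.sessionName)) problems.push("sessionName: unset");
  else if (!/^[\w+=,.@-]{2,64}$/.test(a.sessionName)) problems.push("sessionName: invalid characters or length");

  // An OIDC ID token is a compact JWT: three base64url segments joined by dots.
  if (unset(a.webIdentityToken)) problems.push("webIdentityToken: unset");
  else if (!/^[\w-]+\.[\w-]+\.[\w-]+$/.test(a.webIdentityToken)) problems.push("webIdentityToken: not a compact JWT");

  // STS DurationSeconds for this call: 900 to 43200.
  const secs = durationSeconds(a.duration);
  if (secs === undefined) problems.push("duration: no time unit");
  else if (secs < 900 || secs > 43200) problems.push("duration: outside 900-43200 seconds");
  return problems;
}

// Constructed sample values shaped like the post's inputs (not real identifiers).
const likePost: WebIdentityArgs = { roleArn: "arn:aws:iam::123456789012:role/example-ci", sessionName: '"GitLabRunner-42-1001"', webIdentityToken: "aaaa.bbbb.cccc", duration: "600" };
const adjusted: WebIdentityArgs = { ...likePost, sessionName: "GitLabRunner-42-1001", duration: "15m" };

console.log(checkWebIdentityArgs(likePost), checkWebIdentityArgs(adjusted));
```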