hello, any ideas how to pass two different provide...
# general
hello, any ideas how to pass two different provider config for different region in pulumi go project? was tried the
, but keep getting the error like below
Copy code
error: 1 error occurred:\n    \t* error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.\n    \n    Please see <https://registry.terraform.io/providers/hashicorp/aws>\n    for more information about providing credentials.\n    \n    Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, access disabled to EC2 IMDS via client option, or \"AWS_EC2_METADATA_DISABLED\" environment variable\n\nResources:\n
Also was tried set the
SkipMetadataApiCheck: false
didn’t help at all. Any suggestions will be appreciated
You should be able to declare an explicit AWS provider and specify configuration parameters, like AWS region. I had to do this a while back for some VPC peering, here’s the code I used:
Copy code
// Set up a provider for the destination region
		dstProvider, err := aws.NewProvider(ctx, "dstProvider", &aws.ProviderArgs{
			Region: pulumi.String(dstVpcRegion),
Note that
was a configuration parameter I pulled into the program using
Then you specify that explicit provider for resources that need to be created in the other region.
this is exactly what I did in my code
Copy code
provider, err := aws.NewProvider(ctx, "aws-provider-"+region, &aws.ProviderArgs{
		Region:               pulumi.String(region),
And then you used
when creating other resources?
In my case I need to provision a resource in both us-east-2 and us-west-2, so I pass the region to the provider config above, but still get the error
Are your AWS credentials appropriately sourced/supplied?
I append the provider config to the
Copy code
opts := make([]pulumi.ResourceOption, 0)

opts = append(opts, pulumi.Provider(provider))

	// Create ecr repo
	repo, err := ecr.NewRepository(ctx, serviceName, repoArgs, opts...)
	if err != nil {
		return nil, err
In my case, we are using the pulumi k8s operator, which we have IAM role configured for the operator
It works perfect for single region until I add this multi-region support
Ah, you’re using the K8s Operator. That does change things a bit. Based on the error message above, it looks like there is an IAM error related to an inability to access the metadata service. That being said, I’m unclear why this would affect only multi-region setups.
Thanks @salmon-account-74572 are you saying the issue might related to the IAM role that assigned to the k8s operator?
I believe so, yes. I have a hunch (but can’t confirm/verify yet) that it’s related to a recent change regarding instances defaulting to IMDSv2.
not sure why we need this
GetMetadata, access disabled to EC2 IMDS
, in my case I’m not creating EC2 resource 🙂 i’m trying to create elastic container repo
How are you passing credentials to the operator?
through IAM role @billowy-army-68599
With what mechanism? Node roles? IRSA?
as k8s ENV to operator, we are using the
env to assign an AWS IAM role
Okay, but just setting that env var wont actually do the work to get a role pushed down. Are you using iam roles for service accounts or anything else?
That environment variable only tells the operator which role to try assume
that’s true. basically we have script to create k8s crd stack, once the stack created it will be consume by pulumi k8s operator watch(), then start provision resource based on whatever we pass into the stack
the IAM role of k8s operator is mainly for provision actual AWS resources, don’t think that related to the error above, which is more related to the provider
Unless I’m mistaken, though, the operator needs to use the role to provision resources via the provider
we use the default provider which we get when we don’t specify a custom provider
I’m just trying to follow this doc https://www.pulumi.com/blog/deploy-to-multiple-regions/ from pulumi
@salmon-hair-39994 did you manage to solve this...running into the same?
looks like adding this
SkipMetadataApiCheck: pulumi.BoolPtr(false),
in my code did fix the issue