# getting-started
i
Hi all, not sure if this is getting started but I'm setting up my first GitHub action to run `pulumi up` and I'm getting the following error. I'll share the YAML in this thread.
```
pulumi:providers:aws default_6_0_2  error: rpc error: code = Unknown desc = 2 errors occurred:
   +  pulumi:pulumi:Stack '' created (6s) 
      pulumi:providers:aws default_6_0_2 **failed** 1 error
  Diagnostics:
    pulumi:providers:aws (default_6_0_2):
      error: rpc error: code = Unknown desc = 2 errors occurred:
      	* unable to validate AWS credentials.
      Details: validating provider credentials: retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 0, RequestID: , request send failed, Post "https://sts.us-west-2.amazonaws.com/": dial tcp: lookup sts.us-west-2.amazonaws.com: no such host
      Make sure you have set your AWS region, e.g. `pulumi config set aws:region us-west-2`.

      	* unable to validate AWS credentials.
      Details: validating provider credentials: retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 0, RequestID: , request send failed, Post "https://sts.us-west-2.amazonaws.com/": dial tcp: lookup sts.us-west-2.amazonaws.com: i/o timeout
      Make sure you have set your AWS region, e.g. `pulumi config set aws:region us-west-2`.
```
This is my Github action yaml
```yaml
jobs:
    dev:
        name: Deploy Staging Changes
        runs-on: self-hosted
        steps:
            - name: Checkout
              uses: actions/checkout@v4
            - name: Volta
              run: volta install pnpm
            - name: Setup Node
              uses: actions/setup-node@v3.5.0
              with:
                node-version: "20"
                cache: "pnpm"
            - name: Install dependencies
              run: pnpm install
            - name: Configure AWS Credentials
              uses: aws-actions/configure-aws-credentials@v2
              with:
                aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
                aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
                aws-region: ${{ env.AWS_REGION }}
            - name: Pulumi Update
              uses: pulumi/actions@v3
              with:
                command: up
                stack-name: staging
                comment-on-pr: true
                work-dir: ${{ env.WORKDIR }}
                upsert: true
              env:
                PULUMI_ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
```
I've tried running `pulumi config set` for these too to see if it's the env variables that are the problem and no change
My infra folder is a package in a monorepo and we're using pnpm
l
Have you checked the values in your deployment secrets? That error message is saying the problem is in AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY.
i
I have checked them yes, tested the values locally and then updated the secrets with the working values
l
I see this in the error log:
dial tcp: lookup sts.us-west-2.amazonaws.com: no such host
Any ideas why that might be there? Are you running on a firewalled local runner?
i
It is running on a self-hosted runner so I'll check that that isn't blocking Pulumi
l
It's access to AWS that needs to be enabled. The problem was when trying to connect to amazonaws.com
i
The runner can access AWS ECR and CLI
l
Are you still getting the same error? Could it have been a temporary issue?
d
There have been a few people having the same timeout error for STS this week. Unfortunately, AWS doesn't provide health status for the STS service 🙄
i
@little-cartoon-10569 still seeing it, I've run into a similar issue running pulumi locally when it was working yesterday
It was a temporary problem, however I did need to set my AWS secret key in a step in the action for it to work
l
That's what `aws-actions/configure-aws-credentials` is for though. If you're setting the access and secret keys manually, then you don't need that action.
One or the other should be fine.
i
I've tried one and the other and without `aws-actions/configure-aws-credentials` I get a `Error: No valid credential sources found for AWS Provider.` and without setting the secret manually I get the above error... I'm looking into our AWS IAM config to see if something is stopping it there
Thanks for the help @little-cartoon-10569!