https://pulumi.com logo
Powered by
#getting-started
Title
# getting-started
i

incalculable-plastic-17510

10/24/2023, 10:11 PM
Hi all, not sure if this is getting started but I'm setting up my first Github action to run 
pulumi up
and I'm getting the following error. I'll share the yaml in this thread
Copy code
pulumi:providers:aws default_6_0_2  error: rpc error: code = Unknown desc = 2 errors occurred:
   +  pulumi:pulumi:Stack '' created (6s) 
      pulumi:providers:aws default_6_0_2 **failed** 1 error
  Diagnostics:
    pulumi:providers:aws (default_6_0_2):
      error: rpc error: code = Unknown desc = 2 errors occurred:
      	* unable to validate AWS credentials.
      Details: validating provider credentials: retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 0, RequestID: , request send failed, Post "<https://sts.us-west-2.amazonaws.com/>": dial tcp: lookup <http://sts.us-west-2.amazonaws.com|sts.us-west-2.amazonaws.com>: no such host
      Make sure you have set your AWS region, e.g. `pulumi config set aws:region us-west-2`.
      
      	* unable to validate AWS credentials.
      Details: validating provider credentials: retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 0, RequestID: , request send failed, Post "<https://sts.us-west-2.amazonaws.com/>": dial tcp: lookup <http://sts.us-west-2.amazonaws.com|sts.us-west-2.amazonaws.com>: i/o timeout
      Make sure you have set your AWS region, e.g. `pulumi config set aws:region us-west-2`.
This is my Github action yaml
Copy code
jobs:
    dev:
        name: Deploy Staging Changes
        runs-on: self-hosted
        steps:
            - name: Checkout
              uses: actions/checkout@v4
            - name: Volta
              run: volta install pnpm
            - name: Setup Node
              uses: actions/setup-node@v3.5.0
              with:
                node-version: "20"
                cache: "pnpm"
            - name: Install dependencies
              run: pnpm install
            - name: Configure AWS Credentials
              uses: aws-actions/configure-aws-credentials@v2
              with:
                aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
                aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
                aws-region: ${{ env.AWS_REGION }}
            - name: Pulumi Update
              uses: pulumi/actions@v3
              with:
                command: up
                stack-name: staging
                comment-on-pr: true
                work-dir: ${{ env.WORKDIR }}
                upsert: true
              env:
                PULUMI_ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
I've tried running 
pulumi config set
for these too to see if it's the env variables that are the problem and no change
My infra folder is a package in a monorepo and we're using pnpm
l

little-cartoon-10569

10/24/2023, 10:52 PM
Have you checked the values in your deployment secrets? That error message is saying the problem is in AWS_ACCESS_KEY_ID and AWS_SECRET_ACCES_KEY.
i

incalculable-plastic-17510

10/24/2023, 10:53 PM
I have checked them yes, tested the values locally and then updated the secrets with the working values
l

little-cartoon-10569

10/24/2023, 10:57 PM
I see this in the error log:
dial tcp: lookup sts.us-west-2.amazonaws.com: no such host
Any ideas why that might be there? Are you running on a firewalled local runner?
i

incalculable-plastic-17510

10/24/2023, 11:06 PM
It is running on a self hosted runner so I'll check that that isn't blocking Pulumi
l

little-cartoon-10569

10/24/2023, 11:07 PM
It's access to AWS that needs to be enabled. The problem was when trying to connect to amazonaws.com
i

incalculable-plastic-17510

10/24/2023, 11:49 PM
The runner can access AWS ECR and CLI
l

little-cartoon-10569

10/25/2023, 12:59 AM
Are you still getting the same error? Could it have been a temporary issue?
d

dry-keyboard-94795

10/25/2023, 9:18 AM
There's been a few people having the same timeout error for STS this week. Unfortunately, aws doesn't provide health status for the sts service 🙄
i

incalculable-plastic-17510

10/25/2023, 5:13 PM
@little-cartoon-10569 still seeing it, I've run into a similar issue running pulumi locally when it was working yesterday
It was a temporary problem, however I did need to set my AWS secret key in a step in the action for it to work
l

little-cartoon-10569

10/25/2023, 10:51 PM
That's what 
aws-actions/configure-aws-credentials
is for though. If you're setting the access and secret keys manually, then you don't need that action.
One or the other should be fine.
i

incalculable-plastic-17510

10/25/2023, 11:05 PM
I've tried one and the other and without 
aws-actions/configure-aws-credentials
I get a 
Error: No valid credential sources found for AWS Provider.
and without setting the secret manually I get the above error... I'm looking into our AWS IAM config to see if something is stopping it there
Thanks for the help @little-cartoon-10569!
Powered by