ambitious-air-92938
10/31/2023, 2:20 PMError: Preview failed: error: getting stack configuration: get stack secrets manager: operation error KMS: Decrypt, failed to sign request: failed to retrieve credentials: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, canceled, context deadline exceeded
The IAM Role associated with the OIDC config and audience has admin privs across the whole AWS account.
Our stack config uses KMS as a secrets provider. The stack config is configured to use an AWS profile thus: awskms://alias/pulumi?region=eu-west-1&profile=<profile>&awssdk=v2
but I'm overriding that in the Deployment config with the mapping secretsprovider: <awskms://alias/pulumi?region=eu-west-1>
(at least I'm assuming that's overriding it). I've also verified that the KMS key has a policy attached to it that allows access from the whole AWS account.
Anyone have any ideas what I'm doing wrong?red-match-15116
11/01/2023, 1:49 AMbut I'm overriding that in the Deployment config with the mappingwhat's the command you're using to do this? and does the config you expect show up in the stack update?
ambitious-air-92938
11/01/2023, 10:28 AM