credentials are set through aws configure, so it's in the aws credentials file but I have also export the value in the local environment. I'm working inside a poetry venv but have tried without the venv with no change to the issue.
same issue with the command you shared (credential info scrubbed, albeit original is correct):
Type Name
+ pulumi
pulumiStack demo-dev
└─ pulumi
providersaws default_6_8_0
Diagnostics:
pulumi
providersaws (default_6_8_0):
error: rpc error: code = Unknown desc = unable to validate AWS credentials.
Details: validating provider credentials: retrieving caller identity from STS: operation error STS: GetCallerIdentity, https response error StatusCode: 400, RequestID: e03d6756-647d-44a3-8e70-f5b5df16761c, api error IncompleteSignature: '/20231115/us-east-1/sts/aws4_request' not a valid key=value pair (missing equal-sign) in Authorization header: 'AWS4-HMAC-SHA256 Credential=AKA5PSXE3 /20231115/us-east-1/sts/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-date, Signature=1906fc70039ecb24abe2160823b589647307e6c7bd661fae1d5253'.
Make sure you have set your AWS region, e.g.
pulumi config set aws:region us-west-2
.
NEW: You can use Pulumi ESC to set up dynamic credentials with AWS OIDC to ensure the correct and valid credentials are used.
Learn more:
https://www.pulumi.com/blog/esc-env-run-aws/