No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Screenshot 2023-12-15 at 6.56.50 PM.png

I’m trying to run Pulumi through the bitbucket pipeline using `OIDC`. But I’m Getting `unable to validate AWS credentials.` error.
But I can able to access AWS in the bitbucket pipeline through the following command
```aws sts assume-role-with-web-identity --role-arn arn:aws:iam::XXXXXX:role/projectx-build --role-session-name build-session  --web-identity-token "$BITBUCKET_STEP_OIDC_TOKEN" --duration-seconds 1000```
But when I try to run the pulumi command `pulumi preview` or `pulumi up` I get the error.

Please help on how to run Pulumi through the bitbucket pipeline?

Can you please show what your Provider looks like?

Also does your bitbucket runner have an Ec2 Instance Profile that allows the `sts:AssumeRoleWithWebIdentity` action?

Thanks for your reply, I’ve solved the issue, by exporting the `access key` and `secret key` from the sts command
```export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" $(aws sts assume-role-with-web-identity --role-arn arn:aws:iam::**********:role/test --role-session-name test --web-identity-token "$BITBUCKET_STEP_OIDC_TOKEN" --duration-seconds 1000 --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" --output text)) ```