#general

red-rose-93597

12/15/2023, 1:37 PM
I’m trying to run Pulumi through the Bitbucket pipeline using OIDC, but I’m getting an `unable to validate AWS credentials.` error. However, I am able to access AWS in the Bitbucket pipeline through the following command:
```
aws sts assume-role-with-web-identity --role-arn arn:aws:iam::XXXXXX:role/projectx-build --role-session-name build-session  --web-identity-token "$BITBUCKET_STEP_OIDC_TOKEN" --duration-seconds 1000
```
But when I try to run the Pulumi command `pulumi preview` or `pulumi up`, I get the error. Please help on how to run Pulumi through the Bitbucket pipeline.

cuddly-computer-18851

12/15/2023, 11:29 PM
Can you please show what your Provider looks like? Also, does your Bitbucket runner have an EC2 Instance Profile that allows the `sts:AssumeRoleWithWebIdentity` action?

red-rose-93597

12/18/2023, 5:22 AM
Thanks for your reply. I’ve solved the issue by exporting the access key and secret key from the sts command:
```
export $(printf "AWS_ACCESS_KEY_ID=%s AWS_SECRET_ACCESS_KEY=%s AWS_SESSION_TOKEN=%s" $(aws sts assume-role-with-web-identity --role-arn arn:aws:iam::**********:role/test --role-session-name test --web-identity-token "$BITBUCKET_STEP_OIDC_TOKEN" --duration-seconds 1000 --query "Credentials.[AccessKeyId,SecretAccessKey,SessionToken]" --output text))
```