# aws
s
This message was deleted.
g
Run the same S3 command on the instance manually with the aws cli and see if you get the same error
If the aws cli command works OK using the instance role, check that there's no leftover config anywhere around in config files, or the environment, that might be feeding outdated or incorrect credentials to Pulumi
b
Hi @gifted-gigabyte-53859, I have tried to create an S3 bucket using the aws cli and it worked fine with the same IAM Role access, but when I try to run Pulumi it does not work and shows the mentioned error. It works if I use an access key/secret key. Also, I checked that there is no other config on my system.
g
Please post your exact error message, and also your stack config file (redact any sensitive info)
@brainy-flower-70624 is this the full error, or is there more?
```
error getting S3 Bucket Object Lock configuration: AccessDenied: Access Denied
```
b
```
$ cat Pulumi.yaml
name: testprj
runtime: yaml
description: A minimal AWS Pulumi YAML program
outputs:
  # Export the name of the bucket
  bucketName: ${my-bucket.id}
resources:
  # Create an AWS resource (S3 Bucket)
  my-bucket:
    type: aws:s3:Bucket
$
$ cat Pulumi.dev.yaml
encryptionsalt: v1zlMqOFfr+GA=v1b5YDqHAagdj6CyEOMe/rz/Fs4WbZrqi4I3vYI6/m/nkZlw==
config:
  aws:region: us-east-1
  aws:skipMetadataApiCheck: "false"
$
$ pulumi up
Enter your passphrase to unlock config/secrets
    (set PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE to remember):
Previewing update (dev):
     Type                 Name         Plan
     pulumi:pulumi:Stack  testprj-dev
 ~   └─ aws:s3:Bucket     my-bucket    update

Outputs:
  + bucketName: "my-bucket-fd8d47d"

Resources:
    ~ 1 to update
    1 unchanged

Do you want to perform this update? yes
Updating (dev):
     Type                 Name         Status           Info
     pulumi:pulumi:Stack  testprj-dev  failed           1 error
 ~   └─ aws:s3:Bucket     my-bucket    updating failed  1 error

Diagnostics:
  pulumi:pulumi:Stack (testprj-dev):
    error: update failed

  aws:s3:Bucket (my-bucket):
    error: Resource provider reported that the resource did not exist while updating urn:pulumi:dev::testprj::aws:s3/bucket:Bucket::my-bucket.

    This is usually a result of the resource having been deleted outside of Pulumi, and can often be fixed by running `pulumi refresh` before updating.

Resources:
    1 unchanged

Duration: 1s

$
```
Attached all the details
g
@brainy-flower-70624 the error you're getting from pulumi indicates that the credentials are working, since it can read whether the bucket exists or not. The error is related to the bucket not existing, not related to lacking authorisation
Try `pulumi refresh` as suggested in the error message
Also check that the ec2 instance role assigned to your instance has permission to act in S3
b
Can you also let us know how we can set the default action to yes when we run the pulumi up command?
l
You can use either `pulumi up --yes` (to preview then deploy, automatically) or `pulumi up --skip-preview` (which only deploys, and therefore doesn't need the interactive response at all).
g
@brainy-flower-70624 I have an alias in my shell. `-y` is yes. `--skip-preview` does what it says 😉
```
% alias
grs='git reset --soft HEAD~1'
pdiff='pulumi preview --diff'
pref='pulumi refresh'
'pref!'='pulumi refresh -y --skip-preview'
pup='pulumi up'
'pup!'='pulumi up -y --skip-preview'
run-help=man
which-command=whence
```
l
`-y --skip-preview` is redundant. `--yes` or `-y` effectively answers yes to the post-preview question "Do you want to continue?". If you skip the preview, the question is never asked, so it doesn't need to be skipped.
g
You're right, thanks for pointing that out.