Hi All, I'm not sure if it is a bug or expected be...
# general
Hi All, I'm not sure if it is a bug or expected behaviour. Context: there is a CI job as github action where command
pulumi preview -s dev
is invoked.
has variable
which is set to profile name that is used by developers. In order for CI job to work this variable is remove before running preview command. Issue: If preview command is executed with
refresh: always
provider is looking for aws profile that is used for local operation and fails - CI job uses different one. Output looks like this:
Copy code
Previewing update (dev):
[resource plugin awsx-2.11.0] installing
[resource plugin docker-4.5.4] installing
[resource plugin aws-native-0.108.1] installing
[resource plugin aws-6.37.1] installing
[resource plugin aws-6.38.1] installing
@ previewing update.................
@ previewing update....
 ~  pulumi:pulumi:Stack <name hidden>-dev refreshing 
 ~  pulumi:pulumi:Stack <name hidden>-dev refreshing 
 ~  aws:ec2:Vpc default refreshing 
 ~  aws-native:iam:Role github_ci_readonly refreshing 
 ~  aws-native:iam:Role github_ci_readonly refreshing error: Preview failed: could not load AWS config: failed to get shared config profile, <profile name>
Question 1: Why profile is stored in pulumi state? Question 2: How to make pulumi to ignore stored in state profile name?
Not an exact answer to your question, but it looks you’re at the point where you should consider creating your own providers. When you create the provider yourself, you have control over profile name etc. We also have times where we need to set different profile names depending on the context of where the code is run, and custom providers fixed that and gave us some additional benefits (eg. not accidentally running in wrong AWS account) Here is a simplified version of what we use to lazily create our provider (this is in a shared library)
Copy code
let provider: awsNative.Provider;

const DEFAULT_REGION: awsNative.Region = "us-east-2";

export function getAwsRegion(): awsNative.Region {
  return new pulumi.Config().get("aws-region") || DEFAULT_REGION;

export function getAwsNativeProvider(): awsNative.Provider {
  if (!provider) {
    const accountName: string = new pulumi.Config().require("aws-account-name");
    provider = new awsNative.Provider("aws-native", {
      region: getAwsRegion(),
      allowedAccountIds: [getAwsAccountId(accountName)],
  return provider;
And our
ends up looking like this
Copy code
  example:aws-account-name: dev
  example:aws-region: us-east-2
    - aws
@limited-window-74907 Thanks for the tip. I implemented it but it is still failing since state file captures input for provider resource and use values when refresh operation is invoked (at least I understand it this way).
Copy code
                    "urn": "urn:pulumi:dev::ops-base::pulumi:providers:aws-native::default-aws-native-provider",
                    "custom": true,
                    "id": "06359dcb-...-00ccab670da1",
                    "type": "pulumi:providers:aws-native",
                    "inputs": {
                        "profile": "<profile name>",
                        "region": "<region value>",
                        "skipCredentialsValidation": "true",
                        "skipGetEc2Platforms": "true",
                        "skipMetadataApiCheck": "true",
                        "skipRegionValidation": "true",
                        "version": "0.108.3"
I have last idea - to remove values from state file and add them to
which is passed to provider constructor.