Hello! I'm trying to use the Pulumi OIDC provider in our AWS GovCloud account to support Pulumi Deployments. I have successfully created the api.pulumi.com/oidc provider and IAM Role per this doc: https://www.pulumi.com/docs/pulumi-cloud/oidc/provider/aws/
I have Enabled the AWS Integration in Pulumi Deployments settings and put in the IAM Role ARN and Session Name.
When I manually trigger a Preview Deployment, it fails consistently with this error:
Fetch provider credentials via OIDC
$ /pulumi-deploy-executor oidc --workDir="/deployment"
Error: fetching AWS credentials: WebIdentityErr: failed to retrieve credentials
caused by: InvalidIdentityToken: No OpenIDConnect provider found in your account for https://api.pulumi.com/oidc
status code: 400, request id: 47841196-a280-4c19-a9c4-0938618aba7d
Separately, I have successfully set up a similar OIDC provider for GitHub Actions which we use for ECS Deployments. This works. The Pulumi OIDC provider does not.
Yes - that is something we’ll need to add support for to unblock this. I assume in your case you are hitting this for Deployments, not ESC? Would be great if you wanted to add a note on your scenario to that issue!