Hello! I'm trying to use the Pulumi OIDC provider in our AWS GovCloud account to support Pulumi Depl...

little-salesmen-46373

06/22/2024, 3:00 AM

Hello! I'm trying to use the Pulumi OIDC provider in our AWS GovCloud account to support Pulumi Deployments. I have successfully created the

<http://api.pulumi.com/oidc|api.pulumi.com/oidc>

provider and IAM Role per this doc: https://www.pulumi.com/docs/pulumi-cloud/oidc/provider/aws/ I have Enabled the AWS Integration in Pulumi Deployments settings and put in the IAM Role ARN and Session Name. When I manually trigger a Preview Deployment, it fails consistently with this error:

Copy code

Fetch provider credentials via OIDC
 $ /pulumi-deploy-executor oidc --workDir="/deployment" 

 Error: fetching AWS credentials: WebIdentityErr: failed to retrieve credentials
 caused by: InvalidIdentityToken: No OpenIDConnect provider found in your account for <https://api.pulumi.com/oidc> 
 	status code: 400, request id: 47841196-a280-4c19-a9c4-0938618aba7d

Separately, I have successfully set up a similar OIDC provider for GitHub Actions which we use for ECS Deployments. This works. The Pulumi OIDC provider does not. Slack Conversation

9 Views

Open in Slack

Previous Next

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.