https://pulumi.com logo
Join Slack
Powered by
How can I set aws:skipCredentialsValidation for au...
# aws
k
How can I set aws:skipCredentialsValidation for automation API? I am trying to run example https://github.com/pulumi/automation-api-examples/tree/main/python/pulumi_over_http and it's failing with terraform related aws error:
Copy code
Diagnostics:
  aws:s3:Bucket (s3-website-bucket):
    error: 1 error occurred:
    	* error configuring Terraform AWS Provider: AWS account ID not previously found and failed retrieving via all available methods. See <https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id> for workaround and implications. Errors: 2 errors occurred:
I tried adding stack.set_config("awsskipCredentialsValidation", auto.ConfigValue("true")) into main.py but it failed to parse config parameter. Any suggestions?
l
For reference, to access a value "skipCredentialsValidation" in config "aws", you'd create a Config using constructor parameter "aws", and you'd get "skipCredentialsValidation" from that. Is there a set API for that in automation-api? There isn't a set API in normal Pulumi: the Config class is read only. To set a value, you need to edit the YAML file or using the CLI.
I won't assume that the problem is related to Terraform just because of that error message. That may have been slurped from Terraform code by a Pulumi code generation tool, when the library was being built. Have you confirmed that you have the correct creds and your code is using them correctly?
k
Creds are correct and I managed to deploy fargate container using Pulumi.yaml. ". Is there a set API for that in automation-api?" There is a set_config api, for example stack.set_config("aws:region", auto.ConfigValue("us-west-2")) but it's per stack, see https://github.com/pulumi/automation-api-examples/blob/80afd678f6adc51eb9f0279ca62408b7f1e4623c/python/pulumi_over_http/app.py#L61. I believe I need skipCredentialsValidation globally and it will be a bummer if Config is read only. I had to set 
pulumi config set aws:skipCredentialsValidation true
for to get sample deployment working, but it requires Pulumi.yaml Do you think I can update this settings and pull it from pulumi service? like set it as global config for organisation all pulumi stacsk. Automation script builds stack on rest request - so Pulumi.yaml isn't there yet.
l
Well, you can set it in the provider yourself. You don't need to use the default provider.
k
Can you please point to relevant doc part? preferably python
l
k
Thank you for your help, highly appreciated
👍 1
try to create a provider following tutorial 
useast1 = aws.Provider("useast1", region="us-east-1")
, got:
Copy code
File ~/.local/lib/python3.10/site-packages/pulumi/runtime/settings.py:202, in get_monitor()
    200 monitor = SETTINGS.monitor
    201 if not monitor:
--> 202     require_test_mode_enabled()
    203 return monitor

File ~/.local/lib/python3.10/site-packages/pulumi/runtime/settings.py:147, in require_test_mode_enabled()
    145 def require_test_mode_enabled():
    146     if not is_test_mode_enabled():
--> 147         raise RunError(
    148             "Program run without the Pulumi engine available; re-run using the `pulumi` CLI"
    149         )

RunError: Program run without the Pulumi engine available; re-run using the `pulumi` CLI
l
When that happens in Typescript, it's because I've accidentally accessed a Pulumi static before picking the Pulumi stack. I don't know what that looks like in auomation-api. But at a guess, you're calling isDryRun() before getStack()? Or something like that.
k
no, it's just few lines
Copy code
import pulumi_aws as aws
useast1 = aws.Provider("useast1", region="us-east-1")
l
Did you get the stack first?
k
nope, I though provider shall be before stack
First provider then resource isn't it?
Copy code
import pulumi
import pulumi_aws as aws

# Create an AWS provider for the us-east-1 region.
useast1 = aws.Provider("useast1", region="us-east-1")

# Create an ACM certificate in us-east-1.
cert = aws.acm.Certificate("cert",
    domain_name="<http://foo.com|foo.com>",
    validation_method="EMAIL",
    __opts__=pulumi.ResourceOptions(provider=useast1))
l
That should work fine. You aren't checking isDryRun or some other static value? Those values don't exist until the stack is in memory, and accessing them causes that sort of error message.
k
nope, just only those lines
l
I can't see any problem there. This is a simple Pulumi program? No automation-api?
k
nope, just python3 + those lines
fails on useast1 line
and it doesnt really matter if I run it inside folder with Pulumi.yaml already there.
l
Maybe you could post this problem to #python? I don't think I can help on this one, sorry. It looks good to me.
k
Thank you for trying, I will try python.
👍 1
One more thing: I had to 
pip install markupsafe==2.0.1
may be it broke something
13 Views
Open in Slack
PreviousNext
Powered by