This morning I am unable to update. I seem to be encountering https://github.com/pulumi/pulumi-aws/issues/814. I don't get why it would be using an expired token, I am manually calling

aws sts get-session-token

(because I use MFA) and setting the

AWS_ACCESS_KEY_ID

,

AWS_SECRET_ACCESS_KEY

,

AWS_SESSION_TOKEN

myself. They are definitely not expired. Any idea why this would be happening?

Is your provider set up to use a particular profile? If it is, it won't be using the env vars...

It definitely does use them, at least to assume the role.

Oh, I though if you use

role_arm

to configure the role you assume, then you have to have a

source_profile

?

The only way I got it to work in the past was with a custom Provider that uses

assume_role

Ah. I've been using

profile

not

assumeRole

. I don't have experience that can help, sorry.

I think

GetCallerIdentity

is a red herring. That seems to be fine. It's not clear exactly what is going wrong. I ran it again and the logs end with

debug: waiting for quiescence; 19 RPCs outstanding

and then it eventually times out.

what's in the output of

env

, any other AWS env var in there?

It's ok it was something totally unrelated.

mind me asking what it was ?

It was a custom provider that was hanging. The logs just made it look like the last thing it was doing was calling

GetCallerIdentity

, which it was but that is not what was hanging.