No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Does aws sts get-caller-identity return the account you expect it to?

yes, though i should add that the backend bucket is in one account (which is accessible via my `default` profile) and the resources it's creating are in another (`staging`). The `aws:profile` specified in my `Pulumi.stackname.yaml` has permission to create/modify those resources

the accounts _should_ have cross account access to this bucket, and this did work in the past and i'm a little lost why i just recently started getting this message

something to bear in mind, the credential provider for the bucket access and your pulumi program are slightly different, i can't help with debugging, but bear that in mind

any thoughts on how to maybe get some more info? I've tried `-v=3` but it doesn't show anything extra

and would `AWS_SDK_LOAD_CONFIG=1` make the credentials provider more similar?

thanks for that additional info on the credentials provider though, it might give me a new wall to bang my head against lol

<@USD9CRYLA> the error is coming from the provider:
<https://github.com/pulumi/pulumi-aws/blob/977a37d229d67a024220ed7eb197625922b9b0ce/provider/resources.go#L252>

not the bucket, which is configured in the CLI

if you do:
```export AWS_PROFILE=&lt;your profile name&gt;
aws sts get-caller-identity```

`aws sts get-caller-identity` appears to work, with an appended `/botocore-session-16[....]` to the account/role i would expect to see, and we are not using aws sso

another "interesting" thing i just noticed, `pulumi preview --diff` has no problems