This message was deleted.
# aws
s
This message was deleted.
b
Does aws sts get-caller-identity return the account you expect it to?
h
yes, though i should add that the backend bucket is in one account (which is accessible via my
default
profile) and the resources it's creating are in another (
staging
). The
aws:profile
specified in my
Pulumi.stackname.yaml
has permission to create/modify those resources
the accounts should have cross account access to this bucket, and this did work in the past and i'm a little lost why i just recently started getting this message
b
something to bear in mind, the credential provider for the bucket access and your pulumi program are slightly different, i can't help with debugging, but bear that in mind
h
any thoughts on how to maybe get some more info? I've tried
-v=3
but it doesn't show anything extra
and would
AWS_SDK_LOAD_CONFIG=1
make the credentials provider more similar?
thanks for that additional info on the credentials provider though, it might give me a new wall to bang my head against lol
b
-v=9 --logtostderr
not the bucket, which is configured in the CLI
if you do:
Copy code
export AWS_PROFILE=<your profile name>
aws sts get-caller-identity
does it work?
also are you using aws sso?
h
aws sts get-caller-identity
appears to work, with an appended
/botocore-session-16[....]
to the account/role i would expect to see, and we are not using aws sso
another "interesting" thing i just noticed,
pulumi preview --diff
has no problems