Hi there, all of a sudden i'm getting the followin...
# aws
Hi there, all of a sudden i'm getting the following error when trying to do a
pulumi up
pulumi refresh
using an S3 bucket as my backend:
Copy code
error: unable to discover AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configuration
AFAIK nothing has changed in my
file. I've also tried specifying a profile as suggested here ( github.com/pulumi/pulumi-aws/issues/252#issuecomment-401405577 ) but i'm continuing to bang my head on this problem
Does aws sts get-caller-identity return the account you expect it to?
yes, though i should add that the backend bucket is in one account (which is accessible via my
profile) and the resources it's creating are in another (
). The
specified in my
has permission to create/modify those resources
the accounts should have cross account access to this bucket, and this did work in the past and i'm a little lost why i just recently started getting this message
something to bear in mind, the credential provider for the bucket access and your pulumi program are slightly different, i can't help with debugging, but bear that in mind
any thoughts on how to maybe get some more info? I've tried
but it doesn't show anything extra
and would
make the credentials provider more similar?
thanks for that additional info on the credentials provider though, it might give me a new wall to bang my head against lol
-v=9 --logtostderr
not the bucket, which is configured in the CLI
if you do:
Copy code
export AWS_PROFILE=<your profile name>
aws sts get-caller-identity
does it work?
also are you using aws sso?
aws sts get-caller-identity
appears to work, with an appended
to the account/role i would expect to see, and we are not using aws sso
another "interesting" thing i just noticed,
pulumi preview --diff
has no problems