purple-orange-91853
04/22/2021, 9:25 PMerror configuring Terraform AWS Provider: Error creating AWS session: SharedConfigAssumeRoleError: failed to load assume role for arn:aws:iam::ACCTNUM:role/ROLE, source profile dev_pulumi has no shared credentials
or
error configuring Terraform AWS Provider: Error creating AWS session: CredentialRequiresARNError: credential type source_profile requires role_arn, profile dev-pulumi
My aws cli config
.aws/credentials
[default]
aws_access_key_id = redacted
aws_secret_access_key = redacted
[prod-main]
aws_access_key_id = redacted
aws_secret_access_key = redacted
[ecr-dev]
aws_access_key_id = redacted
aws_secret_access_key = redacted
[dev-pulumi]
aws_access_key_id = redacted
aws_secret_access_key = redacted
[default]
region = us-east-1
.aws/config
[profile prod]
source_profile = prod-main
role_arn = arn:aws:iam::redacted:role/redacted-TEMP
mfa_serial = arn:aws:iam::redacted:mfa/tony
[profile dev]
source_profile = prod-main
role_arn = arn:aws:iam::redacted:role/redacted-TEMP
mfa_serial = arn:aws:iam::redacted:mfa/tony
[profile eks-dev]
role_arn = arn:aws:iam::redacted:role/redacted-eksRole-role-redacted
source_profile = prod-main
mfa_serial = arn:aws:iam::redacted:mfa/tony
[profile ecr-dev]
source_profile = ecr-dev
[profile dev-pulumi]
source_profile = dev_pulumi
role_arn = arn:aws:iam::redacted:role/redacted-TEMP
I am currently just getting started with Pulumi so I am just following the basic steps outlined here: https://www.pulumi.com/docs/get-started/aws/begin/.billowy-army-68599
04/22/2021, 9:29 PM[dev-pulumi]
aws_access_key_id = redacted
aws_secret_access_key = redacted
[profile dev-pulumi]
source_profile = dev_pulumi
role_arn = arn:aws:iam::redacted:role/redacted-TEMP
dev-pulumi
(dash, not underscore?) I don't see any dev_pulumi
profilepurple-orange-91853
04/22/2021, 9:39 PMbillowy-army-68599
04/22/2021, 9:42 PMpurple-orange-91853
04/22/2021, 9:45 PMdev
file it fails with
error: unable to discover AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configuration
[profile prod]
source_profile = prod-main
role_arn = arn:aws:iam::123456:role/role-TEMP
mfa_serial = arn:aws:iam::123456:mfa/tony
[profile dev]
source_profile = prod-main
role_arn = arn:aws:iam::098765:role/role-TEMP
mfa_serial = arn:aws:iam::123456:mfa/tony
billowy-army-68599
04/22/2021, 10:19 PMambitious-father-68746
04/23/2021, 9:00 AMpurple-orange-91853
04/23/2021, 3:12 PM--profile
in my cli strings. See Example scenario: Allow an instance profile role to switch to a role in another account
in this AWS doc for reference. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-cli.htmlbillowy-army-68599
04/23/2021, 4:21 PM