sparse-state-34229

11/07/2021, 12:21 AM
I’m experiencing some issues with aws-sdk-go where when running Pulumi in a container on an EC2 instance, it’s unable to use the instance profile attached to the instance. this is the error I get:
Exception: invoke of aws:index/getCallerIdentity:getCallerIdentity failed: invocation of aws:index/getCallerIdentity:getCallerIdentity returned an error: 1 error occurred:
    	* error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.

    Please see <https://registry.terraform.io/providers/hashicorp/aws>
    for more information about providing credentials.

    Error: NoCredentialProviders: no valid providers in chain
    caused by: EnvAccessKeyNotFound: failed to find credentials in the environment.
    SharedCredsLoad: failed to load profile, .
    EC2RoleRequestError: no EC2 instance role found
    caused by: RequestCanceled: EC2 IMDS access disabled via AWS_EC2_METADATA_DISABLED env var
    error: an unhandled error occurred: Program exited with non-zero exit code: 1
• I can curl the IMDSv1 endpoint within the container
• the container does not have any AWS_* env vars set
• the container does not mount ~/.aws
• there is a valid IAM role attached to the instance that is in use with Terraform runs
anyone know what’s up here?

billowy-army-68599

11/07/2021, 5:03 AM
@sparse-state-34229 just to be clear, you have a Pulumi program with the Pulumi SDK and you're also using the aws-sdk-go inside the program?
can you share your code?

sparse-state-34229

11/07/2021, 5:49 AM
i’m running the pulumi command
it’s run in a container
let me see what i can paste
this is from running
pdm run pulumi preview -C <project_dir> -s <stack> --diff
in github actions

billowy-army-68599

11/07/2021, 6:09 AM
i need the actual code in your Pulumi program
try setting the config value:
pulumi config set aws:skipMetadataApiCheck false
in your pulumi program

sparse-state-34229

11/07/2021, 6:11 AM
it's uhh almost 5k loc haha
i’ll try that

billowy-army-68599

11/07/2021, 6:12 AM
or set the env var:
AWS_EC2_METADATA_DISABLED=false

sparse-state-34229

11/07/2021, 6:14 AM
that seems to have worked
thank you!
what confuses me is that this isn’t an issue with terraform and it wasn’t with pulumi in the past
hmm still doesn’t work in a container, tho
can curl IMDS

billowy-army-68599

11/07/2021, 3:19 PM
@sparse-state-34229 you're using the aws SDK there, and need to make sure you have creds for it

sparse-state-34229

11/07/2021, 4:23 PM
It's on an ec2 instance with an attached role
Permissions are not an issue; the same host runs terraform with no issues
running Pulumi on the host works, then it doesn’t: https://gist.github.com/ohlol/9c8d0484c2403ea8afcab71c92bcd4bc
the gists previous to this are from it erroring on the same stack as the first preview run in this output just linked
[urn=urn:pulumi:main::account::pulumi:pulumi:Stack::account-main]
that one
EC2RoleRequestError: no EC2 instance role found
but, as previously shown, there is a role attached to the instance
and I am able to query it