I am trying to use a s3 bucket as a backend for storing stat Pulumi Community #getting-started

I am trying to use a s3 bucket as a backend for st...

gray-river-5585

04/27/2021, 8:50 PM

I am trying to use a s3 bucket as a backend for storing state. When I use

local

as a backend, I can successfully provision AWS resources, but when I try to setup a s3 backend, I get the below error. I can read/write to the bucket via AWS CLI. I have also tried using a fully public bucket (for debugging only) and got the same error. Any advice would be greatly appreciated

Copy code

error: could not create stack: An IO error occurred while writing the new snapshot file: blob (key ".pulumi/stacks/dev.json") (code=Unknown): AccessDenied: Access Denied
        status code: 403, request id: XXXXXXXXXXXXX, host id: XXXXXXXXXXXXXXXXXXXXXX

billowy-army-68599

04/27/2021, 8:59 PM

do you have aws credentials configured for that bucket?

gray-river-5585

04/27/2021, 9:04 PM

I think so, I can use the AWS CLI to list, put, get

billowy-army-68599

04/27/2021, 9:11 PM

can you create that file

.pulumi/stacks/dev.json

gray-river-5585

04/27/2021, 9:14 PM

Yes, I can create that object via

aws s3api put-object

billowy-army-68599

04/27/2021, 9:17 PM

interesting, Pulumi just uses the AWS SDK so I can't understand why that wouldn't work

gray-river-5585

04/27/2021, 9:18 PM

I have tried cranking the verbose level, but I don't get any additional output

gray-river-5585

04/27/2021, 9:20 PM

Looks like level 7 may have something extra to say https://github.com/pulumi/pulumi/blob/master/pkg/backend/filestate/state.go#L209, I will try that one specifically

gray-river-5585

04/27/2021, 9:36 PM

hmm, cannot seem to get that logging line to fire

billowy-army-68599

04/27/2021, 9:54 PM

--logtostderr --verbose

should do it

gray-river-5585

04/27/2021, 9:56 PM

Thanks, that got the verbose logs out!

gray-river-5585

04/27/2021, 9:57 PM

Unfortunately, no additional information in them

billowy-army-68599

04/27/2021, 10:14 PM

what does

aws sts get-caller-identity

return? do you have any env vars set that might be conflicting?

gray-river-5585

04/27/2021, 10:14 PM

I get a valid response with my token in it

gray-river-5585

04/27/2021, 10:14 PM

I am wondering if I have misconfigured the

bucket-path

billowy-army-68599

04/27/2021, 10:15 PM

how have you set it?

gray-river-5585

04/27/2021, 10:16 PM

pulumi login <s3://s3>.[aws-region].<http://amazonaws.com/[bucket-name]|amazonaws.com/[bucket-name]>

billowy-army-68599

04/27/2021, 10:17 PM

did you try just

pulumi login <s3://bucket-name>

gray-river-5585

04/27/2021, 10:17 PM

Just tried that and got a new error!

gray-river-5585

04/27/2021, 10:19 PM

@billowy-army-68599 That was it! Thank you for helping me step through that

billowy-army-68599

04/27/2021, 10:28 PM

No worries, Would you mind opening an issue for this in github.com/pulumi/pulumi? There’s no reason I can think of that the fully qualified bucket name shouldn’t work

gray-river-5585

04/27/2021, 11:08 PM

I would be happy to, I opened a docs PR for a minor wording change that would have helped me

6 Views

Open in Slack

Previous Next