https://pulumi.com logo
#general
Title
# general
s

salmon-father-71224

11/09/2018, 2:40 PM
Hello everyone, just getting started with pulumi on aws... and I was wondering are access_key and secret_access_key required ? if I run pulumi on a ec2 server with a special IAM role, will pulumi use that role?
w

white-balloon-205

11/09/2018, 2:47 PM
Yes - Pulumi will pick up AWS credentials from the environment it is running in using the standard chain of credentials sources as in https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html. This includes using the IAM role for an EC2 instance.
s

salmon-father-71224

11/09/2018, 2:49 PM
ah, got it
i asked because i got a strange error from pulumi... but aws s3 rb worked
i'll keep digging 🙂
w

white-balloon-205

11/09/2018, 2:57 PM
Curious what error you saw?
s

salmon-father-71224

11/09/2018, 2:58 PM
Plan apply failed: deleting urnpulumis3sigs-dev:s3sigsawss3/bucketBucketbucket sigs eu west 1 error deleting S3 Bucket (bucket-sigs-eu-west-1-866216f): AccessDenied:No AWSAccessKey was presented. status code: 403, request id: 3F4FDA77BE40BDE3, host id: jb0t+7lSOrH73lG1AJgc6ssL9PGf2HnbSGpaPKBVbaxbT0nhvTqAvSNHJbLHavQCT4Tx/3BD/9M=
it seems the problem is related to the fact that our security team blocked all other regions except us-east-1
"Sid": "DenyRegions", "Effect": "Deny", "Action": "*", "Resource": "*", "Condition": { "StringNotEquals": { "aws:RequestedRegion": [ "us-east-1"
const bucket = new aws.s3.Bucket("bucket-sigs-eu-west-1", { region: "eu-west-1", website: { indexDocument: "index.html", errorDocument: "error.html" } })
this throws errors
us-east-1
works fine 🙂
thank you for confirming the credentials chain
w

white-balloon-205

11/09/2018, 3:12 PM
Got it - great.