Hello everyone, just getting started with pulumi o...
# general
Hello everyone, just getting started with pulumi on aws... and I was wondering are access_key and secret_access_key required ? if I run pulumi on a ec2 server with a special IAM role, will pulumi use that role?
Yes - Pulumi will pick up AWS credentials from the environment it is running in using the standard chain of credentials sources as in https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html. This includes using the IAM role for an EC2 instance.
ah, got it
i asked because i got a strange error from pulumi... but aws s3 rb worked
i'll keep digging 🙂
Curious what error you saw?
Plan apply failed: deleting urnpulumis3sigs-dev:s3sigsawss3/bucketBucketbucket sigs eu west 1 error deleting S3 Bucket (bucket-sigs-eu-west-1-866216f): AccessDenied:No AWSAccessKey was presented. status code: 403, request id: 3F4FDA77BE40BDE3, host id: jb0t+7lSOrH73lG1AJgc6ssL9PGf2HnbSGpaPKBVbaxbT0nhvTqAvSNHJbLHavQCT4Tx/3BD/9M=
it seems the problem is related to the fact that our security team blocked all other regions except us-east-1
"Sid": "DenyRegions", "Effect": "Deny", "Action": "*", "Resource": "*", "Condition": { "StringNotEquals": { "aws:RequestedRegion": [ "us-east-1"
const bucket = new aws.s3.Bucket("bucket-sigs-eu-west-1", { region: "eu-west-1", website: { indexDocument: "index.html", errorDocument: "error.html" } })
this throws errors
works fine 🙂
thank you for confirming the credentials chain
Got it - great.