Hi just wondering if AWS default profiles are expected to wo Pulumi Community #general

Hi, just wondering if AWS default profiles are exp...

lemon-wall-81522

02/22/2019, 7:23 PM

Hi, just wondering if AWS default profiles are expected to work? I’ve got a named profile in

~/.aws/credentials

, but unless I move it to

default

, commands like

pulumi update

fail with

error: error validating provider credentials: error calling stsGetCallerIdentity InvalidClientTokenId: The security token included in the request is invalid.

incalculable-diamond-5088

02/22/2019, 7:25 PM

I have a couple of named profiles and it works. Specifically

AWS_PROFILE=test pulumi up

works

lemon-wall-81522

02/22/2019, 7:28 PM

Ah, thanks. Yes, that works. I forgot to mention I exported

AWS_DEFAULT_PROFILE

, then ran

pulumi update

unadorned. That didn’t work.

incalculable-diamond-5088

02/22/2019, 7:34 PM

Great it worked for you!

lemon-wall-81522

02/22/2019, 7:49 PM

Yes, your suggestion worked. Thank you! Still have a question about using

AWS_DEFAULT_PROFILE

, which doesn’t work. Might not be implemented.

gentle-diamond-70147

02/22/2019, 8:19 PM

I believe we ultimately rely on the underlying aws-sdk-go library for this. So if it's supported there, I think it should work in Pulumi. Unfortunately I'm not familiar with the never-ending list of ways that AWS does auth, hehe.

lemon-wall-81522

02/22/2019, 8:42 PM

Thanks @gentle-diamond-70147. I’ll read that code and see what’s what.

millions-soccer-19656

02/22/2019, 10:24 PM

@lemon-wall-81522 you can also add them via

pulumi config set

, and they vary by stack.

Copy code

pulumi config set aws:region us-east-1
pulumi config set aws:profile someprofile.role

lemon-wall-81522

02/22/2019, 10:28 PM

Good idea. The only thing I’m using that for right now is specify a region.

Open in Slack

Previous Next