https://pulumi.com logo
l

lemon-wall-81522

02/22/2019, 7:23 PM
Hi, just wondering if AWS default profiles are expected to work? I’ve got a named profile in
~/.aws/credentials
, but unless I move it to
default
, commands like
pulumi update
fail with
error: error validating provider credentials: error calling stsGetCallerIdentity InvalidClientTokenId: The security token included in the request is invalid.
i

incalculable-diamond-5088

02/22/2019, 7:25 PM
I have a couple of named profiles and it works. Specifically
AWS_PROFILE=test pulumi up
works
l

lemon-wall-81522

02/22/2019, 7:28 PM
Ah, thanks. Yes, that works. I forgot to mention I exported
AWS_DEFAULT_PROFILE
, then ran
pulumi update
unadorned. That didn’t work.
i

incalculable-diamond-5088

02/22/2019, 7:34 PM
Great it worked for you!
l

lemon-wall-81522

02/22/2019, 7:49 PM
Yes, your suggestion worked. Thank you! Still have a question about using
AWS_DEFAULT_PROFILE
, which doesn’t work. Might not be implemented.
g

gentle-diamond-70147

02/22/2019, 8:19 PM
I believe we ultimately rely on the underlying aws-sdk-go library for this. So if it's supported there, I think it should work in Pulumi. Unfortunately I'm not familiar with the never-ending list of ways that AWS does auth, hehe.
l

lemon-wall-81522

02/22/2019, 8:42 PM
Thanks @gentle-diamond-70147. I’ll read that code and see what’s what.
m

millions-soccer-19656

02/22/2019, 10:24 PM
@lemon-wall-81522 you can also add them via
pulumi config set
, and they vary by stack.
Copy code
pulumi config set aws:region us-east-1
pulumi config set aws:profile someprofile.role
l

lemon-wall-81522

02/22/2019, 10:28 PM
Good idea. The only thing I’m using that for right now is specify a region.