https://pulumi.com logo
d

damp-room-71337

09/10/2019, 9:04 AM
is it not possible to define an AWS profile via
config set
? This:
pulumi config set aws:profile synchronicity
returns
error: failed to load checkpoint: blob (code=Unknown): NoCredentialProviders: no valid providers in chain. Deprecated.
on
pulumi up
, while setting
AWS_PROFILE=
works fine
s

stocky-island-3676

09/10/2019, 9:26 AM
That’s strange, indeed. According to doc, this should work: https://www.pulumi.com/docs/get-started/aws/configure/ Can you reproduce it in a small example and post it here, please?
d

damp-room-71337

09/10/2019, 9:35 AM
sure. In `Pulumi.dev.yaml`:
Copy code
config:
  aws:profile: synchronicity
  aws:region: eu-west-2
in `~/.aws/credentials`:
Copy code
[default]
aws_access_key_id = AKIAI...
aws_secret_access_key = ...

[synchronicity]
aws_access_key_id = AKIA2...
aws_secret_access_key = ...
region = eu-west-2
Copy code
$ pulumi preview
error: failed to load checkpoint: blob (code=Unknown): InvalidAccessKeyId: The AWS Access Key Id you provided does not exist in our records.
Copy code
$ AWS_PROFILE=synchronicity pulumi preview
Previewing update (dev):

     Type                 Name                   Plan     
     pulumi:pulumi:Stack  synchronicity-idm-dev
in `package.json`:
"@pulumi/aws": "^1.1.0"
that’s because it’s (incorrectly) using the
default
profile. It works when I set the
AWS_PROFILE
env var
s

stocky-island-3676

09/10/2019, 9:38 AM
Sorry, I wrote too fast. Sure thing.
What’s in the profiles inside
~/.aws/config
?
d

damp-room-71337

09/10/2019, 9:44 AM
Copy code
[default]
region = eu-west-2
adding this doesn’t make any difference
Copy code
[synchronicity]
region = eu-west-2
s

stocky-island-3676

09/10/2019, 9:52 AM
What if you remove
region = eu-west-2
in the
~/.aws/credentials
file?
d

damp-room-71337

09/10/2019, 9:52 AM
it complains about no region being specified
s

stocky-island-3676

09/10/2019, 9:53 AM
pulumi config set aws:region eu-west-2
. Now?
d

damp-room-71337

09/10/2019, 9:54 AM
no, already have that in
Pulumi.dev.yaml
s

stocky-island-3676

09/10/2019, 9:56 AM
Oh, right. Then that’s strange. Normally, in the
credentials
file, there’s nothing else than
aws_access_key_id
&
aws_secret_access_key
. The other configuration is in the
config
file. So, just to be sure: When you keep the
region = eu-west-2
in the
credentials
file, Pulumi doesn’t complain about “no region specified”. Without it, it does?
d

damp-room-71337

09/10/2019, 10:02 AM
I think the region bit might be a red herring, given I’ve got it set in Pulumi config too?
Copy code
$ cat ~/.aws/credentials
[default]
aws_access_key_id = ...
aws_secret_access_key = ...

[synchronicity]
aws_access_key_id = ...
aws_secret_access_key = ...


$ cat ~/.aws/config
[default]
region = eu-west-2

[synchronicity]
region = eu-west-2


$ cat Pulumi.dev.yaml
config:
  aws:profile: synchronicity
  aws:region: eu-west-2


$ export AWS_PROFILE=
$ pulumi preview
error: failed to load checkpoint: blob (code=Unknown): InvalidAccessKeyId: The AWS Access Key Id you provided does not exist in our records.
could this be because I’m using S3 as the state backend? That’s in the same
synchronicity
account/profile though
s

stocky-island-3676

09/10/2019, 10:05 AM
Good thing to know. Don’t have any experience with the S3 state storage, yet. What’s the message when you return all
default
config at all?
d

damp-room-71337

09/10/2019, 10:06 AM
not sure what you mean?
s

stocky-island-3676

09/10/2019, 10:08 AM
Just delete
[default]
sections in both files.
d

damp-room-71337

09/10/2019, 10:09 AM
Copy code
$ pulumi preview
error: failed to load checkpoint: blob (code=Unknown): MissingRegion: could not find region configuration
that’s with no
[default]
in creds or config, and region specified in
[synchronicity]
config and pulumi stack config
s

stocky-island-3676

09/10/2019, 10:34 AM
Hmm. Now it really seems to be a bug. Does it work with older
@pulumi/aws
packages?
2 Views