https://pulumi.com logo
Join Slack
Powered by
is it not possible to define an AWS profile via `c...
# general
d
is it not possible to define an AWS profile via 
config set
? This: 
pulumi config set aws:profile synchronicity
returns 
error: failed to load checkpoint: blob (code=Unknown): NoCredentialProviders: no valid providers in chain. Deprecated.
on 
pulumi up
, while setting 
AWS_PROFILE=
works fine
s
That’s strange, indeed. According to doc, this should work: https://www.pulumi.com/docs/get-started/aws/configure/ Can you reproduce it in a small example and post it here, please?
d
sure. In `Pulumi.dev.yaml`:
Copy code
config:
  aws:profile: synchronicity
  aws:region: eu-west-2
in `~/.aws/credentials`:
Copy code
[default]
aws_access_key_id = AKIAI...
aws_secret_access_key = ...

[synchronicity]
aws_access_key_id = AKIA2...
aws_secret_access_key = ...
region = eu-west-2
Copy code
$ pulumi preview
error: failed to load checkpoint: blob (code=Unknown): InvalidAccessKeyId: The AWS Access Key Id you provided does not exist in our records.
Copy code
$ AWS_PROFILE=synchronicity pulumi preview
Previewing update (dev):

     Type                 Name                   Plan     
     pulumi:pulumi:Stack  synchronicity-idm-dev
in `package.json`: 
"@pulumi/aws": "^1.1.0"
that’s because it’s (incorrectly) using the 
default
profile. It works when I set the 
AWS_PROFILE
env var
s
Sorry, I wrote too fast. Sure thing.
What’s in the profiles inside 
~/.aws/config
?
d
Copy code
[default]
region = eu-west-2
adding this doesn’t make any difference
Copy code
[synchronicity]
region = eu-west-2
s
What if you remove 
region = eu-west-2
in the 
~/.aws/credentials
file?
d
it complains about no region being specified
s
pulumi config set aws:region eu-west-2
. Now?
d
no, already have that in 
Pulumi.dev.yaml
s
Oh, right. Then that’s strange. Normally, in the 
credentials
file, there’s nothing else than 
aws_access_key_id
& 
aws_secret_access_key
. The other configuration is in the 
config
file. So, just to be sure: When you keep the 
region = eu-west-2
in the 
credentials
file, Pulumi doesn’t complain about “no region specified”. Without it, it does?
d
I think the region bit might be a red herring, given I’ve got it set in Pulumi config too?
Copy code
$ cat ~/.aws/credentials
[default]
aws_access_key_id = ...
aws_secret_access_key = ...

[synchronicity]
aws_access_key_id = ...
aws_secret_access_key = ...


$ cat ~/.aws/config
[default]
region = eu-west-2

[synchronicity]
region = eu-west-2


$ cat Pulumi.dev.yaml
config:
  aws:profile: synchronicity
  aws:region: eu-west-2


$ export AWS_PROFILE=
$ pulumi preview
error: failed to load checkpoint: blob (code=Unknown): InvalidAccessKeyId: The AWS Access Key Id you provided does not exist in our records.
could this be because I’m using S3 as the state backend? That’s in the same 
synchronicity
account/profile though
s
Good thing to know. Don’t have any experience with the S3 state storage, yet. What’s the message when you return all 
default
config at all?
d
not sure what you mean?
s
Just delete 
[default]
sections in both files.
d
Copy code
$ pulumi preview
error: failed to load checkpoint: blob (code=Unknown): MissingRegion: could not find region configuration
that’s with no 
[default]
in creds or config, and region specified in 
[synchronicity]
config and pulumi stack config
s
Hmm. Now it really seems to be a bug. Does it work with older 
@pulumi/aws
packages?
2 Views
Open in Slack
PreviousNext
Powered by