Is anyone using `pulumi login` with s3? Need some ...
# generalb
bland-eye-59969
10/15/2019, 6:20 PMIs anyone using
pulumi loginbland-eye-59969
10/15/2019, 6:25 PMI ran
pulumi login <s3://bucket-name>pulumi new aws-python -y Copy code
error: could not create stack: An IO error occurred during the current operation: blob (code=Unknown): AccessDenied: Access Denied
status code: 403,bland-eye-59969
10/15/2019, 6:26 PMI traced the code and seems like coming from here: https://github.com/pulumi/pulumi/blob/5e1c4d31c6b04852628ddd1a3a6f1d293e0301bc/cmd/util.go#L127-L133
c
cool-egg-852
10/15/2019, 6:42 PMDo you have permissions to write to the bucket via the default credentials configured for the aws sdk?
b
bland-eye-59969
10/15/2019, 6:47 PMYes I do. We used to upload multiple files in the same bucket.
c
calm-greece-42329
10/15/2019, 7:16 PMi dont use
pulumi loginPulumi.yamlcalm-greece-42329
10/15/2019, 7:17 PMaside from not being able to set the bucket region in the yaml file, it works very well
b
bland-eye-59969
10/15/2019, 7:32 PMI found the root cause of access denied. We have requirement in our org to pass encryption while uploading objects to s3. I just tried creating new bucket which does not require encryption and pulumi login worked for that bucket.
So...how can I pass
server-side-encryptionpulumi login <s3://bucketname>c
calm-greece-42329
10/15/2019, 7:36 PMsupport should probably be added along with region and maybe some other options? like was done in https://github.com/pulumi/pulumi/pull/2813
calm-greece-42329
10/15/2019, 7:37 PMi was hoping it would be an easy thing to change but the configuration is passed around as a url string in a few places, so providing more metadata isn’t possible without a larger refactoring.
b
bland-eye-59969
10/15/2019, 9:01 PMyeah. I don't know if they have this in their backlog items or not.
bland-eye-59969
10/15/2019, 9:02 PM@white-balloon-205: Any ETA on planning to support passing sever-side-encryption for s3 pulumi login?
187 Views