If for the encryption provider, I believe you’d have to have the auth setup locally to work similar to if you were using the

go-sdk

. See: https://www.pulumi.com/docs/intro/concepts/config/#aws-key-management-service-kms. This is separate from the

aws-profile

config value. That value is used for any resources in the stack itself.

I think if you set the profile environment variable like so it should work:

AWS_PROFILE=pa-prod

I do think this seems like a valid point though. It wouldn’t be a bad assumption that if you’re using kms for encryption that it should respect the stack values as well.

setting the profile env variable is producing the same results 😕

can you try to set that as well for the sake of debugging?

Same issue

Just closed my console out and reopened it -- getting a new error now:

error: getting secrets manager: secrets (code=Unknown): InvalidSignatureException: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
        status code: 400, request id: 257a0c7f-303e-4a72-8ec8-a83bd6e19e9f

brb rebooting.

ok.. After rebooting setting the ENV variables directly is working

Second attempt is not working - ugh

does that currently work for you?

RIngo "up" works, if I explicitly set the AWS credentials as env variables

FYI - The aforementioned errors were from a powershell prompt The CMD prompt is working differently: Setting AWS_PROFILE=pa-prod

c:\Repos\pa\pa_infrastructure>pulumi up
error: getting secrets manager: secrets (code=Unknown): AccessDenied: User: arn:aws:iam::057043601195:user/pulumi-admin is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::057043601195:role/OrganizationAccountAccessRole
        status code: 403, request id: d634ecf0-d009-48a4-8d23-37ca566e371f