No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Yep.  I have this exact problem.  It's being tracked here:

<https://github.com/pulumi/pulumi/issues/4665>

yuck. Ok was hoping this would work since I am putting this in a pipeline to manage multiple accounts..

I mean technically I could within the program to an STS Assume role, but that is extra code that really shouldnt be needed.

meh then you add a bunch of extra code cause pulumi doesn't recognize it

just out of interest, does it work with the `AWS_PROFILE` environment variable?

the linked issue is related to the secrets providers, which is a slightly different issue than the engine execution

<@UCWG26BH7> no I tried both setting just Environment Variable and aws:profile, then also setting both

I have a similar setup and it seems to work fine

I can manually using the same config do an STS:Assume Role call and get back temp creds. Just Pulumi isn't recognizing the Profile to assume

Untitled

Can you open an issue in Pulumi/pulumi for this, I’d like to track it

I’m also assuming you’re using the aws provider?

<https://github.com/pulumi/pulumi/issues/4689>

image.png

I think I am hitting the same issue. Fresh Pulumi / awscli installed. I have profiles configured correctly, and the Pulumi stack configured to use a working profile. Consistently seeing:

You should print the getcallidentity accountid see if you are working in the expected account <@UP51H4VFZ> 

<@U011HRS1HTQ>
Attempting to call `aws.getCallerIdentity` fails with the same error as above:

The `pulumi diagnostic` line prints out the named profile I want to use, which confirms to me that Pulumi knows about the named profile configured, but it does not seem to be using it.

Using that named profile with aws-cli directly works fine ala: `aws s3 ls --profile=<profile name>`

Happy to try other things to help debug.

Im going to start looking at this again today, try to figure out if maybe I am doing something wrong and comment on the github issue if I find anything.

<@UCWG26BH7> I put in place a work around with aws-vault, not ideal, but it works. <@UP51H4VFZ>

thanks, I didn't get time to look at this yet, but would appreciate a comment on the issue with your workaround