This message was deleted.
# generals
sparse-intern-71089
05/06/2021, 11:29 PMThis message was deleted.
l
little-cartoon-10569
05/06/2021, 11:42 PMHave you searched your code, config etc. for that number? Any chance it's been hard-coded and typo-ed?
w
wide-jackal-86020
05/06/2021, 11:51 PMThanks! I searched everywhere. This is an account ID that I never seen.
wide-jackal-86020
05/06/2021, 11:51 PMI also generated a new AWS access token, still having the same issue.
l
little-cartoon-10569
05/06/2021, 11:53 PMHmm.. do you create an aws.Provider in your code? Maybe it has a wrong parameter being passed to it?
w
wide-jackal-86020
05/06/2021, 11:56 PMNo I didn't, but I have
.aws/credentials.aws/configwide-jackal-86020
05/06/2021, 11:56 PMThis might be a clue
Copy code
aws:dynamodb:Table (documents_api-dev-templateRules):
9206 error: 1 error occurred:
9207 * updating urn:pulumi:dev::documents_api::aws:dynamodb/table:Table::documents_api-dev-templateRules: error deleting DynamoDB Table (documents_api-dev-templateRules-baed8a8) Global Secon
9208 dary Index (templateType-index): AccessDeniedException: User: arn:aws:sts::228886564947:assumed-role/AmazonLightsailInstanceRole/i-04f5fe371a036054d is not authorized to perform: dynamodb: Updat
9209 eTable on resource: arn:aws:dynamodb:us-west-2:228886564947:table/documents_api-dev-templateRules-baed8a8
9210 status code: 400, request id: CAKO3PQ28DSCQM6FTMIVDT5VAJVV4KQNSO5AEMVJF66Q9ASUAAJGwide-jackal-86020
05/06/2021, 11:57 PM Copy code
AccessDeniedException: User: arn:aws:sts::228886564947:assumed-role/AmazonLightsailInstanceRole/i-04f5fe371a036054dwide-jackal-86020
05/06/2021, 11:57 PMI am doing the deployment on a Lightsail instance.. Looks like it's using the instance role instead of the AWS account in
.awsl
little-cartoon-10569
05/06/2021, 11:58 PMOh, it shouldn't do that. instance role is the lowest priority...
little-cartoon-10569
05/06/2021, 11:58 PMMaybe it's not running as the user you think it is?
little-cartoon-10569
05/06/2021, 11:58 PMI've done that...
w
wide-jackal-86020
05/06/2021, 11:59 PMGood guess!
l
little-cartoon-10569
05/06/2021, 11:59 PM?
w
wide-jackal-86020
05/07/2021, 12:09 AMI tried the aws cli command, and it uses the correct credentials provided int the
.awswide-jackal-86020
05/07/2021, 12:10 AMI guess the AWS cli is able to find the config in
.awswide-jackal-86020
05/07/2021, 12:11 AMThe AWS profile setting might be broken.
Copy code
config:
aws:profile:wide-jackal-86020
05/07/2021, 12:16 AMI am using docker and the AWS config is installed in
/root/.awsl
little-cartoon-10569
05/07/2021, 1:47 AMAre you running pulumi using the root user? (Ideally you wouldn't, but that's not causing this problem.) If you're running as another use, then it won't using those creds.
Are you setting aws:profile to blank? I don't know what that would do. Maybe set it to default? Or just don't set it?
w
wide-jackal-86020
05/07/2021, 2:11 AMyes, I am running as root inside docker. I also tried outside of docker as a non-root user. But I am seeing the same problem.
wide-jackal-86020
05/07/2021, 2:11 AMremoving the aws:profile will select the default was configuration, which will cause the same issue.
l
little-cartoon-10569
05/07/2021, 2:22 AMSo what profile does it need to be? Can you set it properly?
10 Views