Can anyone help me debug this?
# general
w
Can anyone help me debug this?
l
Have you searched your code, config etc. for that number? Any chance it's been hard-coded and typo-ed?
w
Thanks! I searched everywhere. This is an account ID that I have never seen.
I also generated a new AWS access token, still having the same issue.
l
Hmm.. do you create an aws.Provider in your code? Maybe it has a wrong parameter being passed to it?
w
No I didn't, but I have .aws/credentials and .aws/config in my home folder.
This might be a clue
aws:dynamodb:Table (documents_api-dev-templateRules):
    error: 1 error occurred:
        * updating urn:pulumi:dev::documents_api::aws:dynamodb/table:Table::documents_api-dev-templateRules: error deleting DynamoDB Table (documents_api-dev-templateRules-baed8a8) Global Secondary Index (templateType-index): AccessDeniedException: User: arn:aws:sts::228886564947:assumed-role/AmazonLightsailInstanceRole/i-04f5fe371a036054d is not authorized to perform: dynamodb:UpdateTable on resource: arn:aws:dynamodb:us-west-2:228886564947:table/documents_api-dev-templateRules-baed8a8
        status code: 400, request id: CAKO3PQ28DSCQM6FTMIVDT5VAJVV4KQNSO5AEMVJF66Q9ASUAAJG
AccessDeniedException: User: arn:aws:sts::228886564947:assumed-role/AmazonLightsailInstanceRole/i-04f5fe371a036054d
I am doing the deployment on a Lightsail instance. Looks like it's using the instance role instead of the AWS account in the .aws folder.
l
Oh, it shouldn't do that. Instance role is the lowest priority...
Maybe it's not running as the user you think it is?
I've done that...
w
Good guess!
l
?
w
I tried the AWS CLI command, and it uses the correct credentials provided in the .aws folder.
I guess the AWS CLI is able to find the config in the .aws folder, but pulumi isn't.
The AWS profile setting might be broken.
config:
   aws:profile:
Pulumi version 3.2.1
I am using docker and the AWS config is installed in /root/.aws
l
Are you running pulumi using the root user? (Ideally you wouldn't, but that's not causing this problem.) If you're running as another user, then it won't be using those creds. Are you setting aws:profile to blank? I don't know what that would do. Maybe set it to default? Or just don't set it?
w
Yes, I am running as root inside docker. I also tried outside of docker as a non-root user. But I am seeing the same problem.
Removing the aws:profile will select the default AWS configuration, which will cause the same issue.
l
So what profile does it need to be? Can you set it properly?