billions-battery-73370
07/17/2021, 4:37 AM
app.pulumi.com is currently infinitely loading on chrome - tried clearing cookies, using incognito and safari still getting no page load
2. I’ve recently switched from storing stack state in my own s3 bucket to using the pulumi app under a new org
a. Not sure if it’s related but on the new stack I’m unable to use aws.Provider to assume a role into another account. Just get NoCredentialsProvider error. I’ve literally tried copying code from the other stack and it’s just not working.
i. env vars are good ✅
ii. role to be assumed exists ✅
iii. access keys are trusted to assume the role ✅
iv. then I’ve tried multiple accounts and multiple roles 🙅
b. is there something different about how credentials are handled when the stack is hosted on app.pulumi.com vs own s3?
c. issue here https://github.com/pulumi/pulumi/issues/7552
Context: I’m currently in the process of assessing pulumi for use with my team would love to get these first steps unblocked asap so can test k8s deployments across multiple accounts
app.pulumi.com seems to be back
billowy-army-68599
pulumi config set aws:secretKey <key> --secret
You'll then be able to read this from config and pass it to the provider like so: https://www.pulumi.com/docs/intro/concepts/config/#code
billions-battery-73370
07/17/2021, 4:50 AM
billowy-army-68599
billions-battery-73370
07/17/2021, 5:01 AM
const awsConfig = new pulumi.Config("aws");
const provider = new aws.Provider(`account-provider`, {
  accessKey: awsConfig.require("accessKey"),
  secretKey: awsConfig.require("secretKey"),
  region: awsConfig.require("region") as aws.Region,
  assumeRole: {
    roleArn: pulumi.interpolate`arn:aws:iam::${accountId}:role/OrganizationAccountAccessRole`,
  },
});
OrganizationAccountAccessRole in child accounts ordinarily
* error configuring Terraform AWS Provider: IAM Role (arn:aws:iam::288XXXXX577:role/OrganizationAccountAccessRole) cannot be assumed.
Pulumi.prod.yaml
config:
  aws:accessKey:
    secure: AAABAIHDr2+XXXXXXXXXXXXXXXXXXX7MGy6X0Uy45v5CTEQyBXR8uVWODYvg==
  aws:region: us-east-1
  aws:secretKey:
    secure: AAABANatex3YxZzzjVXXXXXXXXXXXXXXXXXXXXXX3LFiuiBVGNQsALLhDnTWIRtsD1L10sRR7Dw0iKG2E/k7
billowy-army-68599
billions-battery-73370
07/17/2021, 5:20 AM
Error: root account can’t assume roles
Solution: create a user in root account with access keys then try again.. ✅
process.env.AWS_ACCESS_KEY_ID etc.. works as well