sticky-bear-14421
06/15/2021, 11:54 AM
// The default provider
current, err := aws.GetCallerIdentity(ctx, nil, nil)
if err != nil {
    return err
}
fmt.Println(current.Arn)
This will return the AWS SSO Role I log in to.
// Second provider
intermediateProvider, err := aws.NewProvider(ctx, "intermediateProvider", &aws.ProviderArgs{
    AssumeRole: &aws.ProviderAssumeRoleArgs{
        RoleArn:     pulumi.String(fmt.Sprintf("arn:aws:iam::%s:/roles/intermediateRole", current.AccountId)),
        SessionName: pulumi.String("intermediateProviderSession"),
    },
    Region: pulumi.String(region.Name),
})
if err != nil {
    return err
}
And based upon this I again call aws.GetCallerIdentity()
current, err = aws.GetCallerIdentity(ctx, nil, pulumi.Provider(intermediateProvider))
if err != nil {
    return err
}
fmt.Println(current.Arn)
peeringProvider, err := aws.NewProvider(ctx, fmt.Sprintf("peeringProvider-%s", peer.Name), &aws.ProviderArgs{
    AssumeRole: &aws.ProviderAssumeRoleArgs{
        RoleArn:     pulumi.String(fmt.Sprintf("arn:aws:iam::%s:role/%s", peer.AccountID, peer.AssumeRoleName)),
        SessionName: pulumi.String("PeeringProviderSession"),
    },
    Region: pulumi.String(region.Name),
}, pulumi.Provider(provider),
)
if err != nil {
    fmt.Println(err)
}
current, err = aws.GetCallerIdentity(ctx, nil, pulumi.Provider(peeringProvider))
if err != nil {
    return err
}
fmt.Println(current.Arn)
billowy-army-68599
06/15/2021, 12:11 PM
sticky-bear-14421
06/15/2021, 12:12 PM
billowy-army-68599
06/15/2021, 12:13 PM
pulumi.Provider(provider),
I believe this should be:
pulumi.Provider(intermediateProvider),
sticky-bear-14421
06/15/2021, 12:14 PM
billowy-army-68599
06/15/2021, 12:15 PM
sticky-bear-14421
06/15/2021, 12:16 PM
error: program failed: 1 error occurred:
* rpc error: code = Unknown desc = invocation of aws:index/getCallerIdentity:getCallerIdentity returned an error: 1 error occurred:
* error configuring Terraform AWS Provider: IAM Role (arn:aws:iam::123456789012:/roles/intermediateRole) cannot be assumed.
There are a number of possible causes of this - the most common are:
* The credentials used in order to assume the role are invalid
* The credentials do not have appropriate permission to assume the role
* The role ARN is not valid
Error: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
exit status 1
billowy-army-68599
06/15/2021, 12:18 PM
sticky-bear-14421
06/15/2021, 12:20 PM
billowy-army-68599
06/15/2021, 12:23 PM
sticky-bear-14421
06/15/2021, 12:25 PM
billowy-army-68599
06/15/2021, 12:27 PM
go run in the background, you can build the binary and point to it in your Pulumi.yaml
see runtime.binary here: https://www.pulumi.com/docs/reference/pulumi-yaml/
sticky-bear-14421
06/15/2021, 12:28 PM
❯ ./peering
error: program failed: missing project name
billowy-army-68599
06/15/2021, 12:31 PM
pulumi.yaml look like?
sticky-bear-14421
06/15/2021, 12:32 PM
❯ cat Pulumi.yaml
name: infrastructure
runtime: go
description: VPC Peering
options:
  binary: peering
billowy-army-68599
06/15/2021, 12:35 PM
runtime:
  name: go
  options:
    binary: peering
sticky-bear-14421
06/15/2021, 12:45 PM