Hi team, I am trying to use minio as the backend of pulumi. I found this issue on GitHub https://github.com/pulumi/pulumi/issues/3592. Following the issue, I am able to run

pulumi stack ls

after logging to minio, fail on

pulumi up

, and

pulumi up --debug

shows some request to

<https://iam.amazonaws.com/doc/2010-05-08/>

. Is there something wrong? My pulumi version is 3.28.0 Here is the error output of

pulumi up

:

error: an unhandled error occurred: program exited with non-zero exit code: 1
 
    error: program failed: 1 error occurred:
        * rpc error: code = Unknown desc = invocation of aws:ec2/getAmi:getAmi returned an error: 1 error occurred:
        * error retrieving account details: AWS account ID not previously found and failed retrieving via all available methods. See <https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id> for workaround and implications. Errors: 2 errors occurred:
        * error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: 6ec2693b-0916-463f-bdc1-3124a181789a, api error InvalidClientTokenId: The security token included in the request is invalid.
        * failed getting account information via iam:ListRoles: operation error IAM: ListRoles, https response error StatusCode: 403, RequestID: 08187f7f-4c79-4c25-9de8-a782098b5859, api error InvalidClientTokenId: The security token included in the request is invalid.
    exit status 1

@worried-terabyte-60325 how are you setting your access key for Minio? the access key you set in your stack config needs to be different to your access key/secret key for your pulumi program

I set access key like this. Seems like I have a configuration conflict? What's the right approach to pass minio's access key if I want to use aws pprovider? Thanks for quick reply😃.

just to confirm, you're provisioning AWS infrastructure? whats in your pulumi program (the thing that runs when you run

pulumi up

Yes, I am provisioning AWS resources. I try to setup an EC2 instance as a demo.

@worried-terabyte-60325 in that case, the access keys used for state storage are different to the keys use inside the provider (ie, the keys used to create infrastructure) so you'll need to define a profile for talking to MinIO, and then a profile for talking to AWS

Trying right now👍. I tried

AWS_PROFILE=minio

, that didn't work.

that'll only work for talking to MinIO, those keys dont work for aws

Yes, I didn't realize that.

you can also define two different profiles:

[minio]
aws_access_key_id = xxx
aws_secret_access_key = xxx
[aws]
aws_access_key_id = xxx
aws_secret_access_key = xxx

And then do:

pulumi config set aws:profile aws

and then do:

AWS_PROFILE=minio pulumi up

That works, thanks a great lot. I will add a comment to the issue above later, in case someone meets the same problem. I think that's good to mention it in the document. It's a bit obscure for new users to find out.

i already did 🙂

😃You already did.