Thread
#general
    w

    worried-terabyte-60325

    5 months ago
    Hi team, I am trying to use minio as the backend of pulumi. I found this issue on GitHub https://github.com/pulumi/pulumi/issues/3592. Following the issue, I am able to run
    pulumi stack ls
    after logging to minio, fail on
    pulumi up
    , and
    pulumi up --debug
    shows some request to
    <https://iam.amazonaws.com/doc/2010-05-08/>
    . Is there something wrong? My pulumi version is 3.28.0 Here is the error output of
    pulumi up
    :
    error: an unhandled error occurred: program exited with non-zero exit code: 1
     
        error: program failed: 1 error occurred:
            * rpc error: code = Unknown desc = invocation of aws:ec2/getAmi:getAmi returned an error: 1 error occurred:
            * error retrieving account details: AWS account ID not previously found and failed retrieving via all available methods. See <https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id> for workaround and implications. Errors: 2 errors occurred:
            * error calling sts:GetCallerIdentity: operation error STS: GetCallerIdentity, https response error StatusCode: 403, RequestID: 6ec2693b-0916-463f-bdc1-3124a181789a, api error InvalidClientTokenId: The security token included in the request is invalid.
            * failed getting account information via iam:ListRoles: operation error IAM: ListRoles, https response error StatusCode: 403, RequestID: 08187f7f-4c79-4c25-9de8-a782098b5859, api error InvalidClientTokenId: The security token included in the request is invalid.
        exit status 1
    b

    billowy-army-68599

    5 months ago
    @worried-terabyte-60325 how are you setting your access key for Minio? the access key you set in your stack config needs to be different to your access key/secret key for your pulumi program
    w

    worried-terabyte-60325

    5 months ago
    I set access key like this. Seems like I have a configuration conflict? What's the right approach to pass minio's access key if I want to use aws pprovider? Thanks for quick reply😃.
    b

    billowy-army-68599

    5 months ago
    just to confirm, you're provisioning AWS infrastructure? whats in your pulumi program (the thing that runs when you run
    pulumi up
    w

    worried-terabyte-60325

    5 months ago
    Yes, I am provisioning AWS resources. I try to setup an EC2 instance as a demo.
    b

    billowy-army-68599

    5 months ago
    @worried-terabyte-60325 in that case, the access keys used for state storage are different to the keys use inside the provider (ie, the keys used to create infrastructure) so you'll need to define a profile for talking to MinIO, and then a profile for talking to AWS
    right now you have access keys for MinIO defined, and those keys don't exist in AWS
    you'll need to grab some IAM keys and then do:
    pulumi config aws:accessKey <key>
    pulumi config aws:secretKey <key> --secret
    w

    worried-terabyte-60325

    5 months ago
    Trying right now👍. I tried
    AWS_PROFILE=minio
    , that didn't work.
    b

    billowy-army-68599

    5 months ago
    that'll only work for talking to MinIO, those keys dont work for aws
    w

    worried-terabyte-60325

    5 months ago
    Yes, I didn't realize that.
    b

    billowy-army-68599

    5 months ago
    you can also define two different profiles:
    [minio]
    aws_access_key_id = xxx
    aws_secret_access_key = xxx
    [aws]
    aws_access_key_id = xxx
    aws_secret_access_key = xxx
    And then do:
    pulumi config set aws:profile aws
    and then do:
    AWS_PROFILE=minio pulumi up
    that'll work too
    w

    worried-terabyte-60325

    5 months ago
    That works, thanks a great lot. I will add a comment to the issue above later, in case someone meets the same problem. I think that's good to mention it in the document. It's a bit obscure for new users to find out.
    b

    billowy-army-68599

    5 months ago
    i already did 🙂
    w

    worried-terabyte-60325

    5 months ago
    😃You already did.