For some reason I can t update my AWS stack at the moment as

Question

For some reason I can t update my AWS stack at the moment as I just keep getting ```aws ecs Service backend error unable to discover AWS AccessKeyID and or SecretAccessKey see <https pulumi io install aws html> for details on configuration``` even though I have several profiles and for the stack I have the proper AWS profile configured in the yaml file And it seems like it can build and push the docker image but it cannot edit the Fargate task definition or something I am not savvy with either AWS or Pulumi and this is something I ve inherited but I can t wrap my head around this I also followed the linked and repeated the setup and yet nothing EDIT I can t seem to restore the state of whatever it is I ve managed to bork up at all I haven t changed any credentials or keys to begin with so this feels like such a weird curve ball thinking face Any ideas

little-cartoon-10569 · Answer

Since this is a backend issue it won t be using profiles passed to your Pulumi command it will be using the default profile only You need to set `AWS PROFILE` or `AWS ACCESS KEY ID` `AWS SECRET ACCESS KEY` in your environment to configure the backend

cool-glass-63014 · Answer

I noticed that `aws profile` didn t work anymore so I eventually set `AWS ACCESS KEY ID` and `AWS SECRET ACCESS KEY` instead But this will make managing envs more problematic

cool-glass-63014 · Answer

Is it a bug regression or something else I also saw in the docs somewhere that the config key was called `aws native profile` now or something Is this related to the problem

cool-glass-63014 · Answer

And now when I am trying to find the source of what I just claimed like decent person but can only find the one saying `aws profile` <https www pulumi com registry packages aws installation configuration >

cool-glass-63014 · Answer

So maybe it was an earlier version of this page

little-cartoon-10569 · Answer

aws profile won t ever work with backends AWS PROFILE will aws profile configures the default AWS provider but backends are created before providers before the engine gets involved at all

little-cartoon-10569 · Answer

There might be another way to configure the secrets via the backend configuration in Pulumi yaml but I don t know about that I ve always just used the env vars for backend configuration

cool-glass-63014 · Answer

But that doesn t make sense Like it worked before thinking face So do you have an example of a file that won t work vs one that does Like what does backends mean here

cool-glass-63014 · Answer

When deploying production I never used the env variables and the GitHub action also creates a profile in `~ aws credentials` so the GitHub Action also works without the env variables So I m confused as to what you mean with aws profile won t ever work with backends thinking face If I ve declared something weird in my rewrite of the stack that causes this I d like to identify it Other than that the config should be the same regarding AWS itself

little-cartoon-10569 · Answer

Backend means the place where the state file is stored On a local file system in an S3 bucket in the Pulumi service etc

little-cartoon-10569 · Answer

Configuration of the backend is completely separate from configuration of the provider that puts resources into the cloud

cool-glass-63014 · Answer

Okay so if I m not self hosting I m using <http pulumi com|pulumi com> right

cool-glass-63014 · Answer

And just to clarify the `aws ecs Service backend ` refers to our service called `backend` in pulumi and part of what I m up to right now is implementing a naming convention for all Pulumi resources so as to not be able to confuse them between envs if one were to accidentally run this with incorrect AWS credentials `backend` used to be the name for our ECS Cluster Fargate Service Docker Image and much more Now it s going to follow ` lt service gt lt env gt lt aws resource type gt ` instead

cool-glass-63014 · Answer

Anyway being honest the explanation that configuring the backend of Pulumi is separate from configuring the provider that runs the resource migrations is fuzzy to me since I have not changed anything about how I connect to AWS and only actually changed names of my resources and whatnot So if this is the case how do I debug it How do I fix it I ve only seen resources referring to how to run commands that locally affect my `Pulumi lt stack gt yml` files Or using `aws configure` which is a different CLI altogether or the env variables as mentioned earlier

little-cartoon-10569 · Answer

Ah that s important Then I ve lead you down the garden path there ignore all that stuff about backends it s irrelevant

little-cartoon-10569 · Answer

I found an issue or development decision not sure a few days ago where providers were not working when `aws profile` was set correctly but they were working when `AWS PROFILE` was set correctly It turns out that `aws profile` isn t used by default when you re creating your own AWS provider Are you doing that If you are then can you try setting `profile new pulumi Config aws require profile `

cool-glass-63014 · Answer

Nothing changed in terms of the profile provider so it shouldn t be that I ll triple check but I am almost entirely sure hah

cool-glass-63014 · Answer

So to me it felt like a bug because I hadn t touched anything regarding this part of the pulumi stack file