This message was deleted.
# awss
sparse-intern-71089
02/11/2022, 7:29 PMThis message was deleted.
b
bored-table-20691
02/11/2022, 8:41 PMTwo questions:
1. I assume you can access the AWS CLI normally on this machine with the machine credentials?
2. Are you sure it’s using the right provider/stack you think it’s on?
l
little-soccer-5693
02/11/2022, 9:01 PM1. yes aws CLI works fine
2. can you clarify your question?
b
bored-table-20691
02/11/2022, 9:03 PMIs it possible that the resource you’re creating is either using a different provider (which doesn’t have the skip metadata flag on) or it’s ain different stack from where you set the flag? I doubt this is the issue, but just asking for good measure.
l
little-soccer-5693
02/11/2022, 9:04 PMi use 2 providers in this program, the default one and the one i manually create. my understand is that the default one is supposed to pick up configuration from Pulumi.dev.yaml and in in the one i manually create i'm setting SkipMetadataApiCheck explicitly.
b
bored-table-20691
02/11/2022, 9:07 PMYes. The resource that’s failing - is that the one that is using the default provider or your explicit one?
bored-table-20691
02/11/2022, 9:07 PMBopmatic-wwwcertl
little-soccer-5693
02/11/2022, 9:08 PMexplicit one. i deploy everything i can in us-east-2 but cloudfront requires certs to be in us-east-1. so for that 1 cert i create a provider for us-east-1 and create the cert there explicitly using that provider i manually create
b
bored-table-20691
02/11/2022, 9:11 PMTo be clear, I can’t think of a reason why it’s not working, just thinking through some simple reasons why it may be off.
bored-table-20691
02/11/2022, 9:12 PMWhat does the code for that resource look like?
l
little-soccer-5693
02/11/2022, 9:15 PMcertArgs := &acm.CertificateArgs{DomainName: pulumi.String(domainNames[0]),ValidationMethod: pulumi.String("DNS"),}if len(domainNames) == 2 {certArgs.SubjectAlternativeNames = pulumi.StringArray{pulumi.String(domainNames[1])}}cert, err := acm.NewCertificate(ctx, certName, certArgs, pulumi.Provider(wwwCertProvider))if err != nil {return nil, nil, err}b
bored-table-20691
02/11/2022, 9:17 PMHmmm, I am not sure. Assuming
wwwCertProviderl
little-soccer-5693
02/11/2022, 9:17 PMyes. if i use an IAM user instead of an IAM role attached the the instance everything works fine.
b
bored-table-20691
02/11/2022, 9:18 PMAnd the instance is running the metadata service, presumably?
l
little-soccer-5693
02/11/2022, 9:19 PM$ curl <http://169.254.169.254/latest/meta-data/iam/security-credentials>Pulumi-EC2-Roleb
bored-table-20691
02/11/2022, 9:22 PM👍
bored-table-20691
02/11/2022, 9:22 PMSorry I could not be more help.
l
little-soccer-5693
02/11/2022, 9:22 PMno problem; thanks for taking a look
b
billowy-army-68599
02/11/2022, 9:59 PM
what does
aws sts get-caller-identityl
little-soccer-5693
02/11/2022, 11:39 PM@billowy-army-68599
$ aws sts get-caller-identity{"UserId": "AROAYMJT3EWAONHLETVZT:i-06741991e64dec4fb","Account": "<ACCOUNT_ID_REDACTED>","Arn": "arn:aws:sts::<ACCOUNT_ID_REDACTED>:assumed-role/Pulumi-EC2-Role/i-06741991e64dec4fb"}s
sparse-state-34229
03/29/2022, 4:25 PM@billowy-army-68599 I get this too
sparse-state-34229
03/29/2022, 4:25 PMbut not with terraform
sparse-state-34229
03/29/2022, 4:25 PMwhich doesn’t seem logical
3 Views