Is there any kind of limitation on aws authentication which might cause me to see issues where using many providers would fail where specific providers are unable to "find aws token" but others, with identical configuration - just different defaultTags - be fine? Context: I create a new aws provider for resources under each "Service" (a component resource). Want to move to a stack per service soon but not prioritised.

Any of them role-based access with MFA?

If the credentials are being sourced from an IAM Role on an Ec2/Fargate/Lambda instance, then you may be rate-limited by the AWS Metadata service, though I'm unsure if that applies in your case

Region is defined explicitly

{region: aws.config.requireRegion()}

and does require MFA

Real quick so I've got a bit more info to pass along to some of our internal folks: Are you only seeing this with specific commands (e.g.,

pulumi destroy

and

pulumi up

but not

pulumi refresh

), or is it happening with any command? Also, can you share a sample snippet of a working provider and a non-working one, if you can do that without sharing any sensitive data? I was rooting around in our issues, and I came across one where setting a

profile

option in the provider code would set off that one provider, but I thought it was fixed: https://github.com/pulumi/pulumi-aws/issues/252#issuecomment-892533247