https://pulumi.com logo
Join Slack
Powered by
Is there any kind of limitation on aws authenticat...
# aws
m
Is there any kind of limitation on aws authentication which might cause me to see issues where using many providers would fail where specific providers are unable to "find aws token" but others, with identical configuration - just different defaultTags - be fine? Context: I create a new aws provider for resources under each "Service" (a component resource). Want to move to a stack per service soon but not prioritised.
Re-running after I let this 
destroy
finish results in a success. Presumably because this provider is able to get created earlier. Hence I am asking if there is some limitation I'm unaware of
m
Any of them role-based access with MFA?
I'm also curious if you've explicitly defined the region
r
If the credentials are being sourced from an IAM Role on an Ec2/Fargate/Lambda instance, then you may be rate-limited by the AWS Metadata service, though I'm unsure if that applies in your case
m
Region is defined explicitly 
{region: aws.config.requireRegion()}
and does require MFA
g
Real quick so I've got a bit more info to pass along to some of our internal folks: Are you only seeing this with specific commands (e.g., 
pulumi destroy
and 
pulumi up
but not 
pulumi refresh
), or is it happening with any command? Also, can you share a sample snippet of a working provider and a non-working one, if you can do that without sharing any sensitive data? I was rooting around in our issues, and I came across one where setting a 
profile
option in the provider code would set off that one provider, but I thought it was fixed: https://github.com/pulumi/pulumi-aws/issues/252#issuecomment-892533247
2 Views
Open in Slack
PreviousNext
Powered by