I'm working on a project that uses (as far as I ca...
# awsl
little-cartoon-10569
01/16/2022, 9:30 PMI'm working on a project that uses (as far as I can tell) only the default AWS provider, configured in the default manner. When I use env vars AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN, things work. But when I unset those vars and use only AWS_PROFILE (correctly set it), Pulumi complains with
Copy code
Error: invocation of aws:index/getRegion:getRegion returned an error: unable to discover AWS AccessKeyID and/or SecretAccessKey - see <https://pulumi.io/install/aws.html> for details on configurationlittle-cartoon-10569
01/16/2022, 9:31 PMMy theory is that because my profile's region and source_profile are configured in ~/.aws/config rather than ~/.aws/credentials, it's not being picked up correctly.
little-cartoon-10569
01/16/2022, 9:31 PMI do remember having to set a variable in the distant past that said "use the config file as well as the credentials file", but I can't remember if that was an AWS thing or a Pulumi thing.
little-cartoon-10569
01/16/2022, 9:32 PMHas anyone got any suggestions for what I can try to get past this?
b
billowy-army-68599
01/16/2022, 9:35 PM
what's actually in your credentials file? are the keys in there?
billowy-army-68599
01/16/2022, 9:35 PM
the env var you're thinking of is
AWS_SDK_LOAD_CONFIG=1👍 1
l
little-cartoon-10569
01/16/2022, 9:36 PMKeys are in creds file in profile X. AWS_PROFILE is set to profile Y, which is defined in confg with source_profile = X (and a role_arn).
little-cartoon-10569
01/16/2022, 9:38 PMThat is the var I was thinking of, but it didn't resolve the problem this time.. will try narrowing down the problem to an MCVE.
little-cartoon-10569
01/16/2022, 10:01 PMSolved. I had 2 issues: a profile was defined twice (AWS CLI reported a format error, removing 2nd copy of the profile fixed that); and someone had deleted my IAM role (🙄).
6 Views