# aws


01/16/2022, 9:30 PM
I'm working on a project that uses (as far as I can tell) only the default AWS provider, configured in the default manner. When I use env vars AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN, things work. But when I unset those vars and use only AWS_PROFILE (correctly set), Pulumi complains with
Error: invocation of aws:index/getRegion:getRegion returned an error: unable to discover AWS AccessKeyID and/or SecretAccessKey - see <> for details on configuration
My theory is that because my profile's region and source_profile are configured in ~/.aws/config rather than ~/.aws/credentials, it's not being picked up correctly.
I do remember having to set a variable in the distant past that said "use the config file as well as the credentials file", but I can't remember if that was an AWS thing or a Pulumi thing.
Has anyone got any suggestions for what I can try to get past this?


01/16/2022, 9:35 PM
what's actually in your credentials file? are the keys in there?
the env var you're thinking of is


01/16/2022, 9:36 PM
Keys are in creds file in profile X. AWS_PROFILE is set to profile Y, which is defined in config with source_profile = X (and a role_arn).
That is the var I was thinking of, but it didn't resolve the problem this time.. will try narrowing down the problem to an MCVE.
Solved. I had 2 issues: a profile was defined twice (AWS CLI reported a format error, removing 2nd copy of the profile fixed that); and someone had deleted my IAM role (🙄).