I've started seeing `error: unable to validate AWS...
# aws
f
I've started seeing
error: unable to validate AWS credentials
after my ECS task deployments, but they seem to have completed correctly:
Copy code
awsx:x:ecs:EC2TaskDefinition$aws:ecs/taskDefinition:TaskDefinition (QaWeb)
    error: unable to validate AWS credentials. Make sure you have: 

 	 • Set your AWS region, e.g. `pulumi config set aws:region us-west-2` 
 	 • Configured your AWS credentials as per <https://pulumi.io/install/aws.html> 
 	 You can also set these via cli using `aws configure`.
I tried running
aws sts get-caller-identity
just before
pulumi up
and it does in fact return the expected role. And I can see in the Pulumi diagnostics page for this update that the
sts:GetCallerIdentity
also return the same role so I feel confident that the credentials are being loaded properly (no profile, just env vars)
m
Did you recently upgrade your aws provider to the new MAJOR release?
f
Yes, I did
m
Assuming you're using the aws classic provider, the behavior of the underlying terraform provider has changed.
f
Yea i have a mix of both classic and native
hmmm so the latest versions are incompatible with the tf providers? Are you aware of any workarounds?
m
Among other breaking changes, essentially if you have a profile that's used, but you're trying to use environment variables to override, that won't work any longer.
How are you providing your credentials to Pulumi currently?
f
we're setting env vars for
AWS_ACCESS_KEY_ID
and
AWS_SECRET_ACCESS_KEY
m
Do you also have
aws:region
in your Stack config?
f
yes i do, and also
aws-native:region
m
Try deleting
aws:region
and try using
AWS_PROFILE
as an environment variable and see if that works
f
Ok will try, thanks for the tip and the info about the tf provider
f
Thanks again for pointing me in the right direction. I was unable to get this working even after removing the config and trying to use the env vars instead. When I did that, i was able to resolve the initial problem above but that created a new problem that was complaining about not having a region set for
awslogs
on my ECS tasks (even though I was never even customizing the logConfiguration). Simplest solution was to just downgrade to an older version of the aws package for now
m
Are you using
aws.sdk
at all?
952 Views