This message was deleted.

I tried running

aws sts get-caller-identity

just before

pulumi up

and it does in fact return the expected role. And I can see in the Pulumi diagnostics page for this update that the

sts:GetCallerIdentity

also return the same role so I feel confident that the credentials are being loaded properly (no profile, just env vars)

Did you recently upgrade your aws provider to the new MAJOR release?

Yes, I did

Assuming you're using the aws classic provider, the behavior of the underlying terraform provider has changed.

Yea i have a mix of both classic and native

Among other breaking changes, essentially if you have a profile that's used, but you're trying to use environment variables to override, that won't work any longer.

we're setting env vars for

AWS_ACCESS_KEY_ID

and

AWS_SECRET_ACCESS_KEY

Do you also have

aws:region

in your Stack config?

yes i do, and also

aws-native:region

Try deleting

aws:region

and try using

AWS_PROFILE

as an environment variable and see if that works

Ok will try, thanks for the tip and the info about the tf provider

Thanks again for pointing me in the right direction. I was unable to get this working even after removing the config and trying to use the env vars instead. When I did that, i was able to resolve the initial problem above but that created a new problem that was complaining about not having a region set for

awslogs

on my ECS tasks (even though I was never even customizing the logConfiguration). Simplest solution was to just downgrade to an older version of the aws package for now

Are you using

aws.sdk

at all?