https://pulumi.com logo
Title
f

flat-appointment-12338

11/04/2022, 3:50 PM
I've started seeing
error: unable to validate AWS credentials
after my ECS task deployments, but they seem to have completed correctly:
awsx:x:ecs:EC2TaskDefinition$aws:ecs/taskDefinition:TaskDefinition (QaWeb)
    error: unable to validate AWS credentials. Make sure you have: 

 	 • Set your AWS region, e.g. `pulumi config set aws:region us-west-2` 
 	 • Configured your AWS credentials as per <https://pulumi.io/install/aws.html> 
 	 You can also set these via cli using `aws configure`.
I tried running
aws sts get-caller-identity
just before
pulumi up
and it does in fact return the expected role. And I can see in the Pulumi diagnostics page for this update that the
sts:GetCallerIdentity
also return the same role so I feel confident that the credentials are being loaded properly (no profile, just env vars)
m

millions-furniture-75402

11/04/2022, 3:52 PM
Did you recently upgrade your aws provider to the new MAJOR release?
f

flat-appointment-12338

11/04/2022, 3:52 PM
Yes, I did
m

millions-furniture-75402

11/04/2022, 3:53 PM
Assuming you're using the aws classic provider, the behavior of the underlying terraform provider has changed.
f

flat-appointment-12338

11/04/2022, 3:53 PM
Yea i have a mix of both classic and native
hmmm so the latest versions are incompatible with the tf providers? Are you aware of any workarounds?
m

millions-furniture-75402

11/04/2022, 3:54 PM
Among other breaking changes, essentially if you have a profile that's used, but you're trying to use environment variables to override, that won't work any longer.
How are you providing your credentials to Pulumi currently?
f

flat-appointment-12338

11/04/2022, 3:55 PM
we're setting env vars for
AWS_ACCESS_KEY_ID
and
AWS_SECRET_ACCESS_KEY
m

millions-furniture-75402

11/04/2022, 3:56 PM
Do you also have
aws:region
in your Stack config?
f

flat-appointment-12338

11/04/2022, 3:56 PM
yes i do, and also
aws-native:region
m

millions-furniture-75402

11/04/2022, 3:57 PM
Try deleting
aws:region
and try using
AWS_PROFILE
as an environment variable and see if that works
f

flat-appointment-12338

11/04/2022, 3:57 PM
Ok will try, thanks for the tip and the info about the tf provider
f

flat-appointment-12338

11/07/2022, 9:28 PM
Thanks again for pointing me in the right direction. I was unable to get this working even after removing the config and trying to use the env vars instead. When I did that, i was able to resolve the initial problem above but that created a new problem that was complaining about not having a region set for
awslogs
on my ECS tasks (even though I was never even customizing the logConfiguration). Simplest solution was to just downgrade to an older version of the aws package for now
m

millions-furniture-75402

11/07/2022, 10:01 PM
Are you using
aws.sdk
at all?