https://pulumi.com logo
Join Slack
Powered by
AWS Provider settings help! Up until now we have u...
# aws
a
AWS Provider settings help! Up until now we have used env vars to set and use the default AWS provider:
Copy code
export AWS_REGION=xx-xxx-x
export AWS_PROFILE=yyyyy
Now i am trying to use the Pulumi config instead of env vars, so i've added the following settings to the stack's pulumi config:
Copy code
config:
  aws:profile: yyyyy
  aws:region: xx-xxx-x
Now i am getting the following errors:
Copy code
error: unable to validate AWS credentials.
    Details: no valid credential sources for  found.
I tried to add 
skipCredentialsValidation: true
and 
skipMetadataApiCheck: false
but getting the same result. 
pulumi about
added in comments
Copy code
➜ ~ pulumi about
CLI
Version 3.49.0
Go Version go1.19.3
Go Compiler gc

Plugins
NAME VERSION
aws 5.24.0
aws 5.24.0
cloudflare 3.6.0
cloudflare 3.3.0
datadog 3.3.0
datadog 3.3.0
docker 3.6.1
docker 3.0.0
kafka 3.4.0
kafka 3.0.1
kubernetes 3.6.0
kubernetes 3.6.0
mysql 3.1.0
mysql 3.0.0
nodejs unknown
okta 3.17.0
okta 3.0.0
pagerduty 2.2.0
pagerduty 2.1.1
postgresql 3.6.0
postgresql 3.6.0
rabbitmq 3.2.0
rabbitmq 3.0.0
random 4.10.0
random 4.2.0
spotinst 3.8.0
spotinst 3.8.0
tls 4.8.0
tls 4.0.0

Host
OS amazon
Version 2
Arch x86_64

This project is written in nodejs: executable='~/.nvm/versions/node/v14.21.0/bin/node' version='v14.21.0'
m
Have you validated the credentials with the aws CLI?
Copy code
aws --profile my-profile sts get-caller-identity
a
@millions-furniture-75402 yes of course. Also it works if i put back the env vars.
m
Where are you storing your state, the Pulumi cloud or s3?
a
Pulumi cloud
m
Does your profile use MFA or SSO?
a
SSO
m
What version of the aws provider are you using?
a
Again, it works with the exact same creds with the env vars
Copy code
aws 5.24.0
m
Can you share an example of your aws profile configuration?
Details: no valid credential sources for  found.
really odd that the profile name is blank in this message.
a
Sure:
Copy code
[my-profile]
aws_access_key_id = xxxxxxxxxxxxxx
aws_secret_access_key = xxxxxxxxxxxxxx
aws_session_token = xxxxxxxxxxxxxx
aws_security_token = xxxxxxxxxxxxxx
m
I asked about MFA and SSO because the Pulumi AWS Provider (non-native, based on the terraform provider) lacks support for some of the AWS profile properties.
a
Oh i see. But then comes the question - what's the difference between using env vars and pulumi config for the provider?
m
I suppose if there are other AWS_ variables in your environment, with the latest major AWS provider, the profile takes precedence over them.
Not sure that's what's going on here though
Are you using aws-vault by chance?
a
Not using aws-vault
Also verified no other 
AWS_
env vars exists
m
Why do you have 
aws_security_token
and 
aws_session_token
?
m
The env variables and the config should be exactly equivalent. The fact that setting 
skipCredentialsValidation
doesn’t do anything makes me wonder if the config is accidentally applied to a different stack than the program?
a
@melodic-tomato-39005 Not sure i understand that...
m
Does 
pulumi stack ls
show more than one stack? Each 
up
or 
config set
command only applies to a particular stack.
a
Oh no. In this case we have 1 stack for this project so definitely it applies correctly. I have also moved some more providers creds from env vars to pulumi config but only with AWS profile i had an issue.
m
This might actually be a bug then. A pretty bad one. Let me try to reproduce.
at least you have the env var workaround
a
That's true
m
Have you tried removing the 
aws_security_token
from the profile?
3 Views
Open in Slack
PreviousNext
Powered by