This message was deleted.
# awss
sparse-intern-71089
02/02/2023, 11:31 AMThis message was deleted.
a
average-table-75151
02/02/2023, 11:31 AM Copy code
➜ ~ pulumi about
CLI
Version 3.49.0
Go Version go1.19.3
Go Compiler gc
Plugins
NAME VERSION
aws 5.24.0
aws 5.24.0
cloudflare 3.6.0
cloudflare 3.3.0
datadog 3.3.0
datadog 3.3.0
docker 3.6.1
docker 3.0.0
kafka 3.4.0
kafka 3.0.1
kubernetes 3.6.0
kubernetes 3.6.0
mysql 3.1.0
mysql 3.0.0
nodejs unknown
okta 3.17.0
okta 3.0.0
pagerduty 2.2.0
pagerduty 2.1.1
postgresql 3.6.0
postgresql 3.6.0
rabbitmq 3.2.0
rabbitmq 3.0.0
random 4.10.0
random 4.2.0
spotinst 3.8.0
spotinst 3.8.0
tls 4.8.0
tls 4.0.0
Host
OS amazon
Version 2
Arch x86_64
This project is written in nodejs: executable='~/.nvm/versions/node/v14.21.0/bin/node' version='v14.21.0'm
millions-furniture-75402
02/02/2023, 1:58 PMHave you validated the credentials with the aws CLI?
Copy code
aws --profile my-profile sts get-caller-identitya
average-table-75151
02/02/2023, 2:11 PM@millions-furniture-75402 yes of course. Also it works if i put back the env vars.
m
millions-furniture-75402
02/02/2023, 2:11 PMWhere are you storing your state, the Pulumi cloud or s3?
a
average-table-75151
02/02/2023, 2:11 PMPulumi cloud
m
millions-furniture-75402
02/02/2023, 2:11 PMDoes your profile use MFA or SSO?
a
average-table-75151
02/02/2023, 2:12 PMSSO
m
millions-furniture-75402
02/02/2023, 2:12 PMWhat version of the aws provider are you using?
a
average-table-75151
02/02/2023, 2:12 PMAgain, it works with the exact same creds with the env vars
average-table-75151
02/02/2023, 2:12 PM Copy code
aws 5.24.0m
millions-furniture-75402
02/02/2023, 2:13 PMCan you share an example of your aws profile configuration?
millions-furniture-75402
02/02/2023, 2:15 PMDetails: no valid credential sources for found.a
average-table-75151
02/02/2023, 2:15 PMSure:
Copy code
[my-profile]
aws_access_key_id = xxxxxxxxxxxxxx
aws_secret_access_key = xxxxxxxxxxxxxx
aws_session_token = xxxxxxxxxxxxxx
aws_security_token = xxxxxxxxxxxxxxm
millions-furniture-75402
02/02/2023, 2:15 PMI asked about MFA and SSO because the Pulumi AWS Provider (non-native, based on the terraform provider) lacks support for some of the AWS profile properties.
a
average-table-75151
02/02/2023, 2:16 PMOh i see. But then comes the question - what's the difference between using env vars and pulumi config for the provider?
m
millions-furniture-75402
02/02/2023, 2:17 PMI suppose if there are other AWS_ variables in your environment, with the latest major AWS provider, the profile takes precedence over them.
millions-furniture-75402
02/02/2023, 2:18 PMNot sure that's what's going on here though
millions-furniture-75402
02/02/2023, 2:18 PMmillions-furniture-75402
02/02/2023, 2:19 PMAre you using aws-vault by chance?
a
average-table-75151
02/02/2023, 2:21 PMNot using aws-vault
average-table-75151
02/02/2023, 2:23 PMAlso verified no other
AWS_m
millions-furniture-75402
02/02/2023, 2:27 PMWhy do you have
aws_security_tokenaws_session_tokenm
melodic-tomato-39005
02/02/2023, 4:24 PMThe env variables and the config should be exactly equivalent. The fact that setting
skipCredentialsValidationa
average-table-75151
02/02/2023, 6:29 PM@melodic-tomato-39005 Not sure i understand that...
m
melodic-tomato-39005
02/02/2023, 6:57 PMDoes
pulumi stack lsupconfig seta
average-table-75151
02/02/2023, 7:04 PMOh no. In this case we have 1 stack for this project so definitely it applies correctly. I have also moved some more providers creds from env vars to pulumi config but only with AWS profile i had an issue.
m
melodic-tomato-39005
02/02/2023, 7:04 PMThis might actually be a bug then. A pretty bad one. Let me try to reproduce.
🙏 1
melodic-tomato-39005
02/02/2023, 7:05 PMat least you have the env var workaround
a
average-table-75151
02/02/2023, 7:05 PMThat's true
m
millions-furniture-75402
02/02/2023, 9:35 PMHave you tried removing the
aws_security_token3 Views