https://pulumi.com logo
Title
n

narrow-house-7133

02/03/2023, 2:30 PM
when trying to work with multiple AWS regions, I get the following error:
❯ pulumi up
Previewing update (project/prod)

View Live: ....

     Type                           Name                  Plan       Info
     pulumi:pulumi:Stack            project-prod             24 messages
 +   ├─ pulumi:providers:aws        aws-us-east-1         create
     └─ aws:cloudwatch:MetricAlarm  project                  1 error


Diagnostics:
  aws:cloudwatch:MetricAlarm (project):
    error: unable to validate AWS credentials.
    Details: no valid credential sources for  found.

    Please see
    for more information about providing credentials.

    Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request send failed, Get "<http://169.254.169.254/latest/meta-data/iam/security-credentials/>": dial tcp 169.254.169.254:80: i/o timeout


    Make sure you have:

     	 • Set your AWS region, e.g. `pulumi config set aws:region us-west-2`
     	 • Configured your AWS credentials as per <https://pulumi.io/install/aws.html>
     	 You can also set these via cli using `aws configure`.

  pulumi:pulumi:Stack (project-prod):
    error: [runtime] Running program '/project' failed with an unhandled exception:
    Error: failed to register new resource project [awsx:ecr:Repository]: Resource monitor is terminating
        at Object.registerResource (/project/node_modules/@pulumi/runtime/resource.ts:339:27)
        at new Resource (/project/node_modules/@pulumi/resource.ts:398:13)
        at new ComponentResource (/project/node_modules/@pulumi/resource.ts:891:9)
        at new Repository (/project/node_modules/@pulumi/ecr/repository.ts:69:9)
        at Object.<anonymous> (/project/ecs.ts:45:20)
        at Module._compile (node:internal/modules/cjs/loader:1218:14)
        at Module.m._compile (/project/node_modules/ts-node/src/index.ts:439:23)
        at Module._extensions..js (node:internal/modules/cjs/loader:1272:10)
        at Object.require.extensions.<computed> [as .ts] (/project/node_modules/ts-node/src/index.ts:442:12)
        at Module.load (node:internal/modules/cjs/loader:1081:32)
    error: [runtime] Running program '/project' failed with an unhandled exception:
    Error: failed to register new resource default-vpc [awsx:ec2:DefaultVpc]: Resource monitor is terminating
        at Object.registerResource (/project/node_modules/@pulumi/runtime/resource.ts:339:27)
        at new Resource (/project/node_modules/@pulumi/resource.ts:398:13)
        at new ComponentResource (/project/node_modules/@pulumi/resource.ts:891:9)
        at new DefaultVpc (/project/node_modules/@pulumi/ec2/defaultVpc.ts:52:9)
        at Object.<anonymous> (/project/ecs.ts:16:20)
        at Module._compile (node:internal/modules/cjs/loader:1218:14)
        at Module.m._compile (/project/node_modules/ts-node/src/index.ts:439:23)
        at Module._extensions..js (node:internal/modules/cjs/loader:1272:10)
        at Object.require.extensions.<computed> [as .ts] (/project/node_modules/ts-node/src/index.ts:442:12)
        at Module.load (node:internal/modules/cjs/loader:1081:32)
Here are relevant code snippets:
# Pulumi.prod.yaml
config:
  aws:region: ap-east-1
  ...
pulumi code:
# index.ts
...
const awsUsEast1 = new aws.Provider("aws-us-east-1", { region: "us-east-1" });
const alarm = new aws.cloudwatch.MetricAlarm(
  "project",
  {
    comparisonOperator: "LessThanThreshold",
    evaluationPeriods: 1,
  },
  {
    provider: awsUsEast1,
  }
);
I followed the guide from here: https://www.pulumi.com/blog/deploy-to-multiple-regions/ Note that, my access key has administrator access and without specifying the provider everything works fine. Can someone please assist?
l

little-cartoon-10569

02/04/2023, 7:19 PM
The provider you create is not specifying credentials. You should provide these, otherwise you will have to figure where the AWS code is getting them from. It's best to be explicit
You can explicitly pass in a profile name, access and secret key, or whatever works for you. That will make tracking problems down much easier.
n

narrow-house-7133

02/06/2023, 11:52 AM
that makes sense, thank you, it's resolved now 🙏
is there a way to get the profile name from pulumi config? Background: I have 2 stacks: prod and dev. They use different aws-cli profiles and they are defined in respective yaml files:
# Pulumi.dev.yaml
config:
  aws:profile: dev

# Pulumi.prod.yaml
config:
  aws:profile: prod
to make the above provider work, I need to pass the profile name, but I can't hardcode it in the typescript code. It has to work some thing like:
const awsUsEast1 = new aws.Provider("aws-us-east-1", { region: "us-east-1", profile: pulumi.currentProfile() });
is there such way to get the current aws profile from the current pulumi config?
l

little-cartoon-10569

02/07/2023, 8:50 PM
The Config class takes a parameter, which would be the aws part. So you could do this:
const awsUsEast1 = new aws.Provider("aws-us-east-1", { region: "us-east-1", profile: new pulumi.Config("aws").require("profile")) });
n

narrow-house-7133

02/08/2023, 8:24 AM
nice 👍 I'll give it a try