sparse-intern-71089
02/13/2023, 4:03 PMmelodic-tomato-39005
02/13/2023, 5:27 PMdry-journalist-60579
02/13/2023, 5:38 PMmelodic-tomato-39005
02/13/2023, 5:39 PMdry-journalist-60579
02/13/2023, 5:40 PMv3.54.0
on both… so it’s not thatmelodic-tomato-39005
02/13/2023, 5:40 PMdry-journalist-60579
02/13/2023, 5:41 PMmelodic-tomato-39005
02/13/2023, 5:41 PMdry-journalist-60579
02/13/2023, 6:37 PMdry-journalist-60579
02/13/2023, 7:38 PMmelodic-tomato-39005
02/13/2023, 10:39 PMdry-journalist-60579
02/14/2023, 12:05 AMenv
dry-journalist-60579
02/14/2023, 12:07 AM~/.aws/config
files are identicaldry-journalist-60579
02/14/2023, 12:24 AMdry-journalist-60579
02/14/2023, 12:36 AMmelodic-tomato-39005
02/14/2023, 3:11 AMdry-journalist-60579
02/14/2023, 4:23 AMdry-journalist-60579
02/14/2023, 4:24 AMdry-journalist-60579
02/14/2023, 5:14 AM[profile xxx]
section there is also a [sso-session xxx]
section. The way the cli sets this up just doesn’t seem to work with pulumi up
. Rather, I have to manually go in and make sure it’s in the “legacy” format.
This is the error:
Exception: invoke of aws:iam/getRole:getRole failed: invocation of aws:iam/getRole:getRole returned an error: unable to validate AWS credentials.
Details: loading configuration: profile "<profile-name>" is configured to use SSO but is missing required configuration: sso_region, sso_start_url
E.g. this works:
[profile <profile-name>]
sso_start_url = https://<subdomain>.<http://awsapps.com/start|awsapps.com/start>
sso_region = <region>
sso_account_id = <account-id>
sso_role_name = AWSAdmini<role-name>stratorAccess
region = <region>
output = json
and this doesn’t work:
[profile <profile-name>]
sso_session = <session-name>
sso_account_id = <account-id>
sso_role_name = <role-name>
region = <region>
output = json
[sso-session <session-name>]
sso_start_url = https://<subdomain>.<http://awsapps.com/start|awsapps.com/start>
sso_region = <region>
sso_registration_scopes = sso:account:access
billowy-army-68599
dry-journalist-60579
02/14/2023, 3:29 PM~/.aws/config
manually yields a configuration that works without needing something like https://github.com/jaxxstorm/aws-sso-credsdry-journalist-60579
02/14/2023, 3:30 PMdry-journalist-60579
02/14/2023, 3:32 PMeval $(aws-sso-creds export)
Does it support something like:
AWS_PROFILE=my-profile aws-sso-creds pulumi up
billowy-army-68599
-p
flag - i haven’t considered creating an execution mechanism, but that’s an interesting ideadry-journalist-60579
02/14/2023, 3:47 PMalert-cartoon-12389
04/26/2023, 11:43 PMdry-journalist-60579
04/26/2023, 11:49 PMalert-cartoon-12389
04/26/2023, 11:51 PMdry-journalist-60579
04/26/2023, 11:52 PMalert-cartoon-12389
04/26/2023, 11:53 PMerror: Preview failed: unable to validate AWS credentials.
Details: no valid credential sources for Pulumi AWS Classic found.
alert-cartoon-12389
04/26/2023, 11:54 PMAWS_PROFILE=my-profile pulumi up
But when I try to do pulumi up only it gives me this errordry-journalist-60579
04/26/2023, 11:55 PMalert-cartoon-12389
04/26/2023, 11:57 PMalert-cartoon-12389
04/26/2023, 11:57 PMdry-journalist-60579
04/26/2023, 11:59 PMdry-journalist-60579
04/26/2023, 11:59 PMalert-cartoon-12389
04/27/2023, 12:00 AMdry-journalist-60579
04/27/2023, 12:00 AMdry-journalist-60579
04/27/2023, 12:01 AM