# general


02/23/2023, 10:04 AM
Hi there! I'm trying to setup an ssl-certificate for a custom domain, following this guide. Only difference: I use an existing zone (getting it via the zone ID). The whole stack is in eu-west-1, so I created a dedicated provider for us-east-1 (same situation as in the guide). I provide an AWS profile with full admin access and everything else worked fine so far. But as soon as I try to create the cert, Pulumi fails with this message:
Copy code
  aws:acm:Certificate (ssl-cert):
    error: unable to validate AWS credentials.
    Details: no valid credential sources for Pulumi AWS Classic found.

    Please see <>
    for more information about providing credentials.

    Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request send failed, Get "<>": dial tcp i/o timeout

    Make sure you have set your AWS region, e.g. `pulumi config set aws:region us-west-2`.
Any ideas what could be the issue here?
After doing more tests I was able to isolate the problem to the custom provider for
. I need to give it the aws-profile of my stack-config:
Copy code
const awsConfig = new pulumi.Config('aws');
const awsProfile = awsConfig.get('profile');

const awsUsEast1 = new aws.Provider('aws-provider-us-east-1', {
  region: 'us-east-1',
  profile: awsProfile,
Would be great to mention this in the "Configuring AWS API Gateway" guide to spare some debugging time for others 😉