CLI hangs at sts:GetCallerIdentity when temporary AWS credentials exist but are expired


When there are no AWS access keys in my shell environment, running pulumi up pretty much immediately errors out with error: unable to discover AWS AccessKeyID and/or SecretAccessKey. But when AWS access keys exist but have expired, it just hangs (for at least several minutes) trying sts:GetCallerIdentity, from what I can tell from the debug output (which I have now lost 😨). Without debug on, it just looks like it's doing normal planning forever. Ideally it quickly determines the credentials are invalid and informs the user.

Pulumi: v1.6.1
Pulumi AWS: v1.13.0

Issue Analytics

  • State: open
  • Created 4 years ago
  • Reactions: 5
  • Comments: 10 (6 by maintainers)

Top GitHub Comments

2 reactions
lukehoban commented, Apr 15, 2021

Re-opening as this is still an issue that Pulumi users hit somewhat regularly, and we will likely want to find a way to work around the upstream issues here.

1 reaction
lukehoban commented, Mar 12, 2020

The second two issues above have been fixed, which will reduce the likelihood of hitting this for unexpected reasons.

The core behaviour of hanging on expired credentials is due to upstream provider behavior - as tracked in https://github.com/terraform-providers/terraform-provider-aws/issues/1351, https://github.com/terraform-providers/terraform-provider-aws/issues/4502, https://github.com/terraform-providers/terraform-provider-aws/issues/9601 and https://github.com/terraform-providers/terraform-provider-aws/issues/12023.

We are considering diverging on some defaults, which may ultimately impact this, in https://github.com/pulumi/pulumi-aws/issues/873. I'll close this issue out for now, and further improvements will be tracked in upstream provider issues and https://github.com/pulumi/pulumi-aws/issues/873.
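
A pre-flight check that reports expired credentials within seconds instead of leaving the operator at a silent hang. This is an added example, not code from the issue, Pulumi, or the AWS provider. It assumes the AWS CLI and coreutils `timeout` are installed; the function names and the `STS_TIMEOUT` variable are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: verify AWS credentials with a bounded sts:GetCallerIdentity
# call before running `pulumi up`. Function names are hypothetical.

# Call STS with a hard wall-clock limit and a single attempt (no SDK retries).
# Prints the caller ARN on stdout; the AWS error text goes to stderr.
sts_probe() {
  AWS_MAX_ATTEMPTS=1 timeout "${STS_TIMEOUT:-10}" \
    aws sts get-caller-identity --query Arn --output text \
      --cli-connect-timeout 5 --cli-read-timeout 5
}

# Map the probe's exit status and stderr text to one verdict word.
classify_sts() {
  local rc=$1 err=$2
  if [ "$rc" -eq 0 ]; then echo ok
  elif [ "$rc" -eq 124 ]; then echo timeout   # exit status used by timeout(1)
  else
    case "$err" in
      *ExpiredToken*) echo expired ;;
      *"Unable to locate credentials"*) echo missing ;;
      *InvalidClientTokenId*|*SignatureDoesNotMatch*) echo invalid ;;
      *) echo error ;;
    esac
  fi
}

# Returns 0 and prints the identity when credentials work, 1 otherwise.
preflight_aws_creds() {
  local errfile arn rc verdict
  errfile=$(mktemp) || return 1
  arn=$(sts_probe 2>"$errfile"); rc=$?
  verdict=$(classify_sts "$rc" "$(cat "$errfile")")
  rm -f "$errfile"
  case "$verdict" in
    ok) echo "AWS identity: $arn"; return 0 ;;
    expired) echo "AWS credentials are expired; refresh them and retry." >&2 ;;
    missing) echo "No AWS credentials found in the environment." >&2 ;;
    invalid) echo "AWS rejected the access key or signature." >&2 ;;
    timeout) echo "sts:GetCallerIdentity gave no answer in ${STS_TIMEOUT:-10}s." >&2 ;;
    *) echo "sts:GetCallerIdentity failed (exit $rc)." >&2 ;;
  esac
  return 1
}

# Usage: preflight_aws_creds && pulumi up
```

Printing the resolved ARN on success also confirms which identity the deployment will run as, which is worth checking when several profiles or sessions are in play.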
