Error running pulumi-aws in CI environment when assuming a role for credentials
The code would effectively be doing the following:

```typescript
const provider = new aws.Provider("provider-name", {
    skipCredentialsValidation: false,
    skipMetadataApiCheck: false,
    region: <region name>,
    profile: <empty string>,
})
```
This is working in 3.23.0 but not in 3.29.1 and would be using an IAM Role to get the credentials. The error message is:
```
error: 1 error occurred:
    * error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
Please see https://registry.terraform.io/providers/hashicorp/aws
for more information about providing credentials.
Error: NoCredentialProviders: no valid providers in chain. Deprecated.
    For verbose messaging see aws.Config.CredentialsChainVerboseErrors
```
Issue Analytics
- State:
- Created 3 years ago
- Reactions:5
- Comments:27 (8 by maintainers)
Hi all
Based on the investigation work by @DavidHe1127 and @leezen, I was able to find that there was indeed a bug in named providers that stopped values being used that were not the default.
I was able to fix that in https://github.com/pulumi/pulumi/pull/6496
This work has made its way down to the pulumi-aws provider as v3.32.1 and we believe this now means that you can set your values as expected and you should be able to authenticate in an EC2 environment with the IAM role.
Your code would need to be something like this:
and it will pick up the creds
I am going to close this issue out BUT IF THERE ARE ANY FURTHER ANOMALIES then please do comment and we can reopen and investigate further if needed.
Thanks again for your patience here and we can’t thank you enough for helping us track down this bug
Paul
Hi @dferretti
If these config values work for you, then I will also add a guide to the README to suggest
### Running Pulumi-Aws in CI environments
so that others don’t get bitten
P.
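
A pre-flight check a CI job could run before `pulumi up`, to see which credential sources the environment offers when the provider is meant to pick up an IAM role as in the issue above. This is an added example, not code from the issue or from pulumi-aws: `credentialSources`, `preflight` and `ProviderArgs` are hypothetical names, the sample environment is constructed, and the logic is a simplified model of the credential chain built on the standard AWS SDK environment variable names.

```typescript
// Added example (not from the issue or pulumi-aws): a simplified model of the
// AWS credential chain, for a CI pre-flight check. It reads configuration only.
type Env = Record<string, string | undefined>;

// The two aws.Provider fields from the issue that affect credential lookup.
interface ProviderArgs {
  profile?: string;
  skipMetadataApiCheck?: boolean;
}

function credentialSources(env: Env, args: ProviderArgs): string[] {
  const has = (key: string): boolean => (env[key] ?? "").trim() !== "";
  const found: string[] = [];

  // Keys exported directly into the job.
  if (has("AWS_ACCESS_KEY_ID") && has("AWS_SECRET_ACCESS_KEY")) found.push("env-keys");
  // Named profile. Assumption: an empty string, as in the issue, means "unset".
  if ((args.profile ?? "").trim() !== "" || has("AWS_PROFILE")) found.push("profile");
  // Web identity (OIDC) federation needs both the token file and the role ARN.
  if (has("AWS_WEB_IDENTITY_TOKEN_FILE") && has("AWS_ROLE_ARN")) found.push("web-identity");
  // Container (task) role credentials.
  if (has("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI") || has("AWS_CONTAINER_CREDENTIALS_FULL_URI")) {
    found.push("container-role");
  }
  // EC2 instance role: only counted when the metadata check is explicitly
  // enabled (skipMetadataApiCheck: false) and IMDS is not disabled by env.
  const imdsOff = (env["AWS_EC2_METADATA_DISABLED"] ?? "").toLowerCase() === "true";
  if (args.skipMetadataApiCheck === false && !imdsOff) found.push("instance-role");
  return found;
}

// Returns a one-line verdict suitable for a CI log.
function preflight(env: Env, args: ProviderArgs): string {
  const sources = credentialSources(env, args);
  if (sources.length === 0) return "FAIL: no credential source configured";
  // Worth a look: a role-based setup should not also need keys in the job.
  if (sources[0] === "env-keys" && sources.length > 1) {
    return "WARN: static keys present alongside " + sources.slice(1).join(", ");
  }
  return "OK: " + sources.join(", ");
}

// Constructed sample: an EC2-hosted runner with no secrets in its environment.
const SAMPLE_EC2_RUNNER: Env = { AWS_REGION: "us-east-1" };
console.log(preflight(SAMPLE_EC2_RUNNER, { profile: "", skipMetadataApiCheck: false }));
```

An `OK: instance-role` verdict only says the configuration permits the metadata lookup; the runner still needs an instance profile attached and the metadata endpoint reachable.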