Terraform AWS provider SharedConfigErr with AWS SSO
Hello,
Since this morning, I am unable to deploy to AWS, getting the following error message:
error configuring Terraform AWS Provider: Error creating AWS session: SharedConfigErr: only one credential type may be specified per profile: source profile, credential source, credential process, web identity token, or sso
EDIT: Sample repo available: https://github.com/edalongeville/pulumi_sample_credentials
My environment:
- AmazonLinux
- Python 3.8.7
- Poetry used to install python dependencies
- Pulumi 2.19.0 installed using brew
- Pulumi-aws 3.26.1
Steps:
These steps have been tested on both an existing project (stack already deployed) and a new one.
After running poetry install and ensuring my .venv is enabled, I navigate to my pulumi python project and run poetry run pulumi up. I get the following, as expected:
(.venv) [linuxbrew@8b00ad41377e test]$ poetry run pulumi up
[...]
Type Name Plan Info
+ pulumi:pulumi:Stack test-staging create
└─ aws:s3:Bucket my-bucket 1 error
Diagnostics:
aws:s3:Bucket (my-bucket):
error: 1 error occurred:
* error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
Please see https://registry.terraform.io/providers/hashicorp/aws
for more information about providing credentials.
Error: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
I then log in using aws sso login. This is the content of my ~/.aws/config:
[default]
sso_start_url = https://<COMPANY>.awsapps.com/start
sso_account_id = <MY_AWS_ACCOUNT_ID>
sso_role_name = AWSAdministratorAccess
sso_region = eu-west-1
region = eu-west-1
output = json
credential_process = aws-sso-credential-process --profile default
From here, I attempt a poetry run pulumi up again, and get:
(.venv) [linuxbrew@8b00ad41377e test]$ poetry run pulumi up
[...]
Type Name Plan Info
+ pulumi:pulumi:Stack test-staging create
└─ aws:s3:Bucket my-bucket 1 error
Diagnostics:
aws:s3:Bucket (my-bucket):
error: 1 error occurred:
* error configuring Terraform AWS Provider: Error creating AWS session: SharedConfigErr: only one credential type may be specified per profile: source profile, credential source, credential process, web identity token, or sso
This is where I’m stuck. I have attempted rolling back pulumi to 2.18.2 and pulumi-aws to 3.25.1 (latest versions for which the deployment worked). I have also ensured that I had no env var configured for AWS.
Could you please help me investigate this further?
@shousper In the above, it looks like the access issue is for your state in an S3 backend instead of the actual configuration for the provider itself? Any chance you’re using a pre-v2.23.0 version of Pulumi? Up until v2.23.0, the version of go-cloud used didn’t have support for AWS SSO in the underlying AWS SDK.
I had some leftover credentials in my ~/.aws folder since I am also now using SSO. Once I deleted those credentials and only logged in using SSO everything started working again.
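The profile shown in the issue contains both sso_* keys and a credential_process key, which are two of the credential types named in the SharedConfigErr message. The script below is an added example, not code from the issue, Pulumi or the AWS SDK: it flags profiles in a shared config file that set more than one of those types. The key-to-type mapping and the sample values are assumptions of the example.

```python
import configparser

# Config keys grouped by the credential types named in the SharedConfigErr
# message. The key-to-type mapping is an assumption of this example.
CREDENTIAL_TYPE_KEYS = {
    "source profile": ("source_profile",),
    "credential source": ("credential_source",),
    "credential process": ("credential_process",),
    "web identity token": ("web_identity_token_file",),
    "sso": ("sso_start_url", "sso_account_id", "sso_role_name", "sso_region"),
}


def conflicting_profiles(config_text):
    """Return {profile: [credential types]} for profiles that set more than one."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(config_text)
    conflicts = {}
    for section in parser.sections():
        # ~/.aws/config names sections "default" or "profile <name>".
        name = section[len("profile "):] if section.startswith("profile ") else section
        keys = {k for k, v in parser.items(section) if v.strip()}
        types = [t for t, ks in CREDENTIAL_TYPE_KEYS.items() if keys.intersection(ks)]
        if len(types) > 1:
            conflicts[name] = types
    return conflicts


# Constructed sample: the first profile mirrors the one in the issue, with
# made-up values in place of the placeholders; the second is SSO-only.
SAMPLE_CONFIG = """\
[default]
sso_start_url = https://example.awsapps.com/start
sso_account_id = 111111111111
sso_role_name = AWSAdministratorAccess
sso_region = eu-west-1
region = eu-west-1
output = json
credential_process = aws-sso-credential-process --profile default

[profile sso-only]
sso_start_url = https://example.awsapps.com/start
sso_account_id = 111111111111
sso_role_name = AWSAdministratorAccess
sso_region = eu-west-1
"""

if __name__ == "__main__":
    for profile, types in conflicting_profiles(SAMPLE_CONFIG).items():
        print(f"{profile}: multiple credential types: {', '.join(types)}")
```

To check a real file, pass the contents of ~/.aws/config (and of any leftover files in ~/.aws) to conflicting_profiles().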