Closed kerruba-milkman closed 1 year ago
This issue looks specific to the AWS provider, so I'll transfer it to that repo and someone will take a look.
Turned out this is not a bug, but by default the Pulumi CLI skips the Metadata API and you need to turn the feature on for each AWS provider used in the program. This is documented here: https://www.pulumi.com/registry/packages/aws/installation-configuration/#authenticating-via-ec2-instance-metadata
I'm closing the ticket.
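As an added example (not part of the original thread or of Pulumi's own tooling), the check below audits a stack configuration file for the setting the comment above refers to. It assumes that setting is the AWS provider's aws:skipMetadataApiCheck option and that static keys would appear as aws:accessKey / aws:secretKey; the function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Audit a Pulumi stack config file (Pulumi.<stack>.yaml) for EC2 instance-role
# authentication. Return codes:
#   0 = metadata API lookup enabled and no static keys
#   1 = metadata API lookup still skipped (the provider default)
#   2 = static access keys present in the stack config
#   3 = file missing or unreadable
audit_stack_config() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file"; return 3; }

    # Static keys in the stack config defeat the point of using the EC2 role.
    if grep -Eq '^[[:space:]]+aws:(accessKey|secretKey):' "$file"; then
        echo "$file: static aws:accessKey/aws:secretKey present"
        return 2
    fi

    # The provider skips the metadata API unless this is explicitly false.
    # The value may be stored quoted ("false") or bare (false).
    if grep -Eq '^[[:space:]]+aws:skipMetadataApiCheck:[[:space:]]*"?false"?[[:space:]]*$' "$file"; then
        echo "$file: metadata API lookup enabled"
        return 0
    fi

    echo "$file: aws:skipMetadataApiCheck is not set to false; to enable it run:"
    echo "  pulumi config set aws:skipMetadataApiCheck false"
    return 1
}

# Constructed sample: a stack file before the setting has been enabled.
sample=$(mktemp)
printf 'config:\n  aws:region: eu-west-1\n' > "$sample"
audit_stack_config "$sample" || true
rm -f "$sample"
```

This only covers the default provider's stack configuration; explicitly instantiated AWS providers take the same setting as a provider argument, which is why the comment says it must be turned on for each provider.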
What happened?
We are trying to run the Pulumi CLI from within an EC2 instance and we would like to leverage the EC2 IAM Role to perform the operations without passing any AWS_ACCESS_KEY_ID or AWS_SECRET_ACCESS_KEY credential. From within the EC2 instance I'm totally able to perform AWS operations using the SDK without the need to set a configuration file or credential file, and I can do the same with Terraform. Note that the IAM role has AdministratorAccess for testing purposes.
When I try to run a Pulumi program using the Pulumi CLI from within the EC2 instance, I get an error instead, as Pulumi seems unable to correctly configure the Terraform Provider.
This is the command I'm calling
And this is the error I get:
This is unexpected behavior, since both the AWS CLI and the Terraform CLI work fine relying on the EC2 IAM Role to get temporary credentials.
Expected Behavior
Pulumi CLI is able to use the instance profile provided by EC2 to configure the Terraform Provider and perform the operations from within the EC2 machine without the need for a config/credential file or explicit AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY environment variables.
Steps to reproduce
pulumi preview
without passing any credential, but just relying on the AWS role inherited from the EC2 instance
Output of pulumi about
Additional context
No response