Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add --profile argument to underlying aws s3 command using pulumi stack config #50

Open
benlucasbeggars opened this issue Aug 9, 2023 · 3 comments
Open

Add --profile argument to underlying aws s3 command using pulumi stack config #50

benlucasbeggars opened this issue Aug 9, 2023 · 3 comments
Labels
kind/enhancement Improvements or new features size/S Estimated effort to complete (1-2 days).

Comments

@benlucasbeggars
Copy link

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

When running pulumi up using pulumi_synced_folder.S3BucketFolder and aws configure sso, the underlying command is not able to run, could we have the stack configuration aws:profile added on to the end of the aws s3 command such as

aws s3 sync "./builds/server/files" "s3://server-dev2/pulumi/" --acl "private" --region "eu-west-1" --delete --only-show-error --profile aws-profile-name

Affected area/feature
@benlucasbeggars benlucasbeggars added kind/enhancement Improvements or new features needs-triage Needs attention from the triage team labels Aug 9, 2023
@scottslowe scottslowe added size/S Estimated effort to complete (1-2 days). and removed needs-triage Needs attention from the triage team labels Aug 10, 2023
@Dill-Dall
Copy link

Dill-Dall commented Dec 12, 2023
edited

Cheers :)

This impacted me on the ts nodjs version, when I use SSO setup(the only one that has beein impacted by it). It´s a part of the cloudfront distribution template, so quite important.

// Use a synced folder to manage the files of the website.
const bucketFolder = new synced_folder.S3BucketFolder("bucket-folder", {
    path: path,
    bucketName: bucket.bucket,
    acl: "public-read",
}, { dependsOn: [ownershipControls, publicAccessBlock] });

➜  projecta git:(main) ✗ pulumi up                                                                                                                                                                             <aws:foundations-dev-FullAccess>
Enter your passphrase to unlock config/secrets
    (set PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE to remember):
Enter your passphrase to unlock config/secrets
Previewing update (foundations-dev):
     Type                                   Name                           Plan       Info
 +   pulumi:pulumi:Stack                    publishercopy-foundations-dev  create     2 errors
 +   ├─ aws:s3:Bucket                       bucket                         create
 +   ├─ aws:s3:BucketOwnershipControls      ownership-controls             create
 +   ├─ aws:s3:BucketPublicAccessBlock      public-access-block            create
 +   ├─ aws:cloudfront:Distribution         cdn                            create
 +   ├─ synced-folder:index:S3BucketFolder  bucket-folder                  create
     └─ aws:s3:BucketObject                 error.html                                1 error

Diagnostics:
  aws:s3:BucketObject (error.html):
    error: unable to validate AWS credentials.
    Details: loading configuration: profile "foundations-dev-FullAccess" is configured to use SSO but is missing required configuration: sso_region, sso_start_url

    Make sure you have:

     	 • Set your AWS region, e.g. `pulumi config set aws:region us-west-2`
     	 • Configured your AWS credentials as per https://pulumi.io/install/aws.html
     	 You can also set these via cli using `aws configure`.

  pulumi:pulumi:Stack (publishercopy-foundations-dev):
    error: Error: invocation of aws:index/getRegion:getRegion returned an error: unable to validate AWS credentials.
    Details: loading configuration: profile "foundations-dev-FullAccess" is configured to use SSO but is missing required configuration: sso_region, sso_start_url

    Make sure you have:

     	 • Set your AWS region, e.g. `pulumi config set aws:region us-west-2`
     	 • Configured your AWS credentials as per https://pulumi.io/install/aws.html
     	 You can also set these via cli using `aws configure`.


        at Object.callback (/snapshot/pulumi-resource-synced-folder/node_modules/@pulumi/pulumi/runtime/invoke.js:161:33)
        at Object.onReceiveStatus (/snapshot/pulumi-resource-synced-folder/node_modules/@grpc/grpc-js/src/client.ts:338:26)
        at Object.onReceiveStatus (/snapshot/pulumi-resource-synced-folder/node_modules/@grpc/grpc-js/src/client-interceptors.ts:426:34)
        at Object.onReceiveStatus (/snapshot/pulumi-resource-synced-folder/node_modules/@grpc/grpc-js/src/client-interceptors.ts:389:48)
        at /snapshot/pulumi-resource-synced-folder/node_modules/@grpc/grpc-js/src/call-stream.ts:276:24
        at processTicksAndRejections (node:internal/process/task_queues:78:11)
    error: Error: failed to register new resource bucket-folder [synced-folder:index:S3BucketFolder]: 2 UNKNOWN: invocation of aws:index/getRegion:getRegion returned an error: unable to validate AWS credentials.
    Details: loading configuration: profile "foundations-dev-FullAccess" is configured to use SSO but is missing required configuration: sso_region, sso_start_url

    Make sure you have:

     	 • Set your AWS region, e.g. `pulumi config set aws:region us-west-2`
     	 • Configured your AWS credentials as per https://pulumi.io/install/aws.html
     	 You can also set these via cli using `aws configure`.


        at Object.registerResource (/Users/thomas@comp.com/work/pulumi/pulumi-foundations/publishercopy/node_modules/@pulumi/runtime/resource.ts:439:27)
        at new Resource (/Users/thomas@comp.com/work/pulumi/pulumi-foundations/publishercopy/node_modules/@pulumi/resource.ts:507:13)
        at new ComponentResource (/Users/thomas@comp.com/work/pulumi/pulumi-foundations/publishercopy/node_modules/@pulumi/resource.ts:1011:9)
        at new S3BucketFolder (/Users/thomas@comp.com.com/work/pulumi/pulumi-foundations/publishercopy/node_modules/@pulumi/s3bucketFolder.ts:50:9)
        at Object.<anonymous> (/Users/thomas@comp.com.com/work/pulumi/pulumi-foundations/publishercopy/index.ts:34:22)
        at Module._compile (node:internal/modules/cjs/loader:1108:14)
        at Module.m._compile (/Users/thomas@comp.com.com/work/pulumi/pulumi-foundations/publishercopy/node_modules/ts-node/src/index.ts:439:23)
        at Module._extensions..js (node:internal/modules/cjs/loader:1137:10)
        at Object.require.extensions.<computed> [as .ts] (/Users/thomas@comp.com.com/work/pulumi/pulumi-foundations/publishercopy/node_modules/ts-node/src/index.ts:442:12)
        at Module.load (node:internal/modules/cjs/loader:988:32)

Outputs:
    cdnHostname   : output<string>
    cdnURL        : output<string>
    originHostname: output<string>
    originURL     : output<string>
    
    ```

@kondakovdmitry
Copy link

Hello! I am also experiencing this issue.
Basically, following the Pulumi's AWS Static Website instruction doesn't work if you use aws configure sso and aws sso login to manage AWS credentials, which looks like a preferred way nowadays to avoid storing long-term credentials locally (e.g. see here).
The error output is exactly the same as for Dill-Dall above (except for project and profile names).

@kondakovdmitry
Copy link

Have just found out that updating the version of @pulumi/synced-folder from 0.0.9 to 0.11.1 fixes the issue for me.
Made a pull request to update the template for AWS Static Website (TypeScript): pulumi/templates#742

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement Improvements or new features size/S Estimated effort to complete (1-2 days).
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@scottslowe @kondakovdmitry @Dill-Dall @benlucasbeggars