ecs.FargateService not passing credentials properly

[jonatcorus]

With the following:

const
    cfg = new pulumi.Config(),
    profile = cfg.require('profile'),
    region = aws.config.requireRegion(),
    provider = new aws.Provider('main-provider', { profile: profile, region: region }),
    opts = { provider: provider },
    name = pulumi.getStack(),

    ecrRepo = new awsx.ecr.Repository(`${name}-ecr-repo`, {
    }, opts),
    image = ecrRepo.buildAndPushImage("./lab"),
    httpListener = new awsx.lb.ApplicationListener(`${name}-http-listener`, {
        port: 80,
        protocol: "HTTP",
    }, opts),

    service = new awsx.ecs.FargateService(`${name}-service`, {
        desiredCount: 1,
        taskDefinitionArgs: {
            containers: {
                web: {
                    image: image,
                    memory: 512,
                    portMappings: [httpListener],
                }
            }
        }
    }, opts)

With config:profile of account1

I run pulumi up -y while my shell is setup with AWS_PROFILE=account2

I get the error:

create aws:ecs/service:Service
 error: 1 error occurred:
        * InvalidParameterException: Identifier is for ID_FOR_ACCOUNT_2. Your accountId is ID_FOR_ACCOUNT_1 "test-service-72f5fa9"

FargateService seems to create all the other resources fine till it gets to aws:ecs/service/Service where it tries to put it in account2.

[komalali]

To set the profile for AWS you need to use pulumi config set aws:profile account1.

Edit: At closer inspection, I realize that you are actually setting the profile correctly and it appears you are indeed hitting a bug. Thanks for bringing it to our attention.

[mikhailshilkov]

I tested it with 2.1.1 and it works fine with the following repro:

import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
import * as ecs from "@pulumi/awsx/ecs";
import * as classic from "@pulumi/awsx/classic";

const provider = new aws.Provider('main-provider', { region: "eu-central-1" });
const opts = { provider: provider };

const vpc = classic.ec2.Vpc.getDefault(opts);

const cluster = new classic.ecs.Cluster("cluster", {}, opts);

// Create a load balancer on port 80 and spin up two instances of Nginx.
const lb = new classic.lb.ApplicationListener("nginx-lb", { port: 80 }, opts);
const targetGroup = lb.defaultTargetGroup!.targetGroup;

const fargateTask = new ecs.FargateTaskDefinition("fargate-task", {
    container: {
        image: "nginx:latest",
        name: "nginx",
        cpu: 512,
        memory: 128,
        essential: true,
        portMappings: [{ targetGroup }],
    },
}, opts);

const service = new ecs.FargateService("my-service", {
    cluster: cluster.cluster.arn,
    taskDefinition: fargateTask.taskDefinition.arn,
    loadBalancers: fargateTask.loadBalancers,
    networkConfiguration: {
        subnets: vpc.publicSubnetIds,
        assignPublicIp: true,
    },
}, opts);

// Export the load balancer's address so that it's easy to access.
export const url = lb.endpoint.hostname;