No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Related questions - what is typical practice for *local* development environment's access? We use sso for auth to aws in local environment. I'm thinking allowing those sso principals to assume to a role that only has *read* access to aws resources. That would allow developers to `pulumi preview` but not `up` or `destroy`. Then in CI, setup roles to have full admin permissions. Any general advices?

Try to avoid full admin permissions. If you have the bandwidth, start off with read-only access and add read-write policies as and when they're needed.

Also, prefer OIDC for the CI part of the process. It's great :slightly_smiling_face: