#general

rich-whale-93740

09/06/2023, 11:13 PM
Related questions - what is typical practice for local development environment's access? We use SSO for auth to AWS in local environment. I'm thinking of allowing those SSO principals to assume a role that only has read access to AWS resources. That would allow developers to `pulumi preview` but not `up` or `destroy`. Then in CI, set up roles to have full admin permissions. Any general advice?

little-cartoon-10569

09/06/2023, 11:27 PM
Try to avoid full admin permissions. If you have the bandwidth, start off with read-only access and add read-write policies as and when they're needed.
Also, prefer OIDC for the CI part of the process. It's great 🙂