#aws

gorgeous-book-77869

02/26/2024, 8:22 PM
I have a Pulumi file that does some IAM work, assumes a role, and deploys to EKS. I run it locally with pulumi up. Now I'm trying to deploy it with a GitHub Action, and I'm creating an IAM user for it, but I don't seem to have the right permissions when I run it. Given a Pulumi file, is there an easy way to see what IAM permissions it requires?

little-cartoon-10569

02/26/2024, 8:48 PM
If you have it working in one place, you could use IAM Access Advisor (AWS IAM console, User and Role pages) to see what permissions were used by the working user/role.

gorgeous-book-77869

02/26/2024, 8:49 PM
Did not know about that tool - thanks

little-cartoon-10569

02/26/2024, 8:50 PM
Note that if you're creating IAM roles and policies and then assuming that role, you can't do that in the same Pulumi project. It would work if the role already exists (i.e. you'd run the project before), but it would fail when deploying the resources for the first time. You should use two projects for this scenario.
That is:
pulumi up
might work, but
pulumi destroy ; pulumi up
would fail.