I have a Pulumi file that does some IAM work, assumes a role, and deploys to EKS. I run it locally with pulumi up. Now I'm trying to deploy it with a GitHub Action, and I'm creating an IAM user for it, but I don't seem to have the right permissions when I run it.
Given a Pulumi file, is there an easy way to see what IAM permissions it requires?
little-cartoon-10569
02/26/2024, 8:48 PM
If you have it working in one place, you could use IAM Access Advisor (AWS IAM console, User and Role pages) to see what permissions were used by the working user/role.
gorgeous-book-77869
02/26/2024, 8:49 PM
did not know about that tool - thanks
little-cartoon-10569
02/26/2024, 8:50 PM
Note that if you're creating IAM roles and policies and then assuming that role, you can't do that in the same Pulumi project. It would work if the role already exists (i.e. you'd run the project before), but it would fail when deploying the resources for the first time. You should use two projects for this scenario.