# general
I have a security question. What's the recommended practice with AWS to allow for local command-line Pulumi usage? I have a dedicated role that I assume in the CI, but I can only assume this role from the runners. What's the recommended approach for command-line, manual intervention (if any)?
You could grant access for your user to assume the role. I used to use a tool called aws-vault for using roles in profiles locally; it takes care of setting up environment variables and MFA flows.
CloudTrail will associate your user with any actions taken for audit purposes.
cool thx. Problem is we are several in the team. But maybe we can have a dedicated account for elevation, will check