I have a security question. What's the recommended practice with AWS to allow for local command-line Pulumi usage? I have a dedicated role that I assume in the CI, but I can only assume this role from the runners. What's the recommended approach for command-line, manual intervention (if any)?
dry-keyboard-94795
04/19/2024, 10:19 AM
You could grant access for your user to assume the role.
I used to use a tool called aws-vault for using roles in profiles locally; it takes care of setting up environment variables and MFA flows.
dry-keyboard-94795
04/19/2024, 10:20 AM
CloudTrail will associate your user with any actions taken for audit purposes.
brainy-engineer-80091
04/19/2024, 10:22 AM
cool thx. Problem is we are several in the team. But maybe we can have a dedicated account for elevation, will check