No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hey good morning. We are currently storing our pulumi file in an S3 bucket.
This bucket is encrypted using a KMS key.

When running `pulumi login <s3://mybucket>` I get this error:

error: problem logging in: read ".pulumi/meta.yaml": blob (key ".pulumi/meta.yaml") (code=Unknown): AccessDenied: Access Denied
 status code: 403, request id: 8N5AVCW0D0CF17DY, host id: VsmKrytuAAGUIU+pdQ6ZrikCcdD7uGxRru7oauhI+MOgIijUlWxp4YnNtRDptX9c4Z02GSvDcXA=


Im assuming its because the access key that im using needs permissions updated..If this is the case what IAM permissions are needed to perform this ?

You need to be able to read and write files in this bucket. <https://repost.aws/knowledge-center/s3-bucket-access-default-encryption|This AWS post> should have all the info you need. You can test your user's/roles' access <https://docs.aws.amazon.com/cli/latest/reference/s3api/get-object.html|via the CLI> or the AWS console by trying to download the .pulumi/meta.yaml key.