https://pulumi.com logo
Title
b

brave-pharmacist-67045

08/06/2022, 10:54 AM
Hey 👋 my first from examples Pulumi deployment: https://shirts.whatnick.org/
Not everything went to plan. • Had to pin Pulumi Typescript to 5.5.0 to accept AWS credentials from profile • CloudFront failed to create, had to provision manually and link to S3 bucket , Certificate and Route 53 • My security spidy sense went haywire since I had to give very broad IAM to make the deploy work. The example should come with a deployment user IAM with least-priviledge Ping @steep-sunset-89396 for visibility
s

steep-sunset-89396

08/06/2022, 11:00 AM
Hey Tisham. On CloudFront, S3, R53 and ACM, this should work as expected I believe. I have some code that ran correctly not long ago so I can confirm that on Monday.
❤️ 1
Re deployment / credentials... This is always tricky because the process of narrowing down the permissions is definitely difficult. Not to mention it could/will impair you each time you want to add a new service that's not in your IAM scope. Which loops back to...
b

brave-pharmacist-67045

08/06/2022, 11:01 AM
No rush, I am revamping our infracode work. And this is the easiest and public way to make sure some bits work as planned
s

steep-sunset-89396

08/06/2022, 11:02 AM
Credentials: Short lived credentials are the way to go, and so it should work with AWS profiles. Could you send us more details about your set up please? Also, the output for
pulumi about
b

brave-pharmacist-67045

08/06/2022, 11:04 AM
Downgrading as recommended fixed it. Again no rush chat Monday.
s

steep-sunset-89396

08/06/2022, 11:05 AM
Sure. On my end, AWS profile and short lived credentials work just fine.
Have a good night 🙂