Hey :wave: my first from examples Pulumi deploymen...
# generalb
brave-pharmacist-67045
08/06/2022, 10:54 AMHey đ my first from examples Pulumi deployment: https://shirts.whatnick.org/
brave-pharmacist-67045
08/06/2022, 10:57 AMNot everything went to plan.
⢠Had to pin Pulumi Typescript to 5.5.0 to accept AWS credentials from profile
⢠CloudFront failed to create, had to provision manually and link to S3 bucket , Certificate and Route 53
⢠My security spidy sense went haywire since I had to give very broad IAM to make the deploy work. The example should come with a deployment user IAM with least-priviledge
Ping @steep-sunset-89396 for visibility
s
steep-sunset-89396
08/06/2022, 11:00 AMHey Tisham. On CloudFront, S3, R53 and ACM, this should work as expected I believe. I have some code that ran correctly not long ago so I can confirm that on Monday.
â¤ď¸ 1
steep-sunset-89396
08/06/2022, 11:01 AMRe deployment / credentials... This is always tricky because the process of narrowing down the permissions is definitely difficult. Not to mention it could/will impair you each time you want to add a new service that's not in your IAM scope. Which loops back to...
b
brave-pharmacist-67045
08/06/2022, 11:01 AMNo rush, I am revamping our infracode work. And this is the easiest and public way to make sure some bits work as planned
s
steep-sunset-89396
08/06/2022, 11:02 AMCredentials: Short lived credentials are the way to go, and so it should work with AWS profiles. Could you send us more details about your set up please? Also, the output for
pulumi aboutb
brave-pharmacist-67045
08/06/2022, 11:04 AMI ran into this issue : https://github.com/pulumi/pulumi-aws/issues/1995
brave-pharmacist-67045
08/06/2022, 11:04 AMDowngrading as recommended fixed it. Again no rush chat Monday.
s
steep-sunset-89396
08/06/2022, 11:05 AMSure. On my end, AWS profile and short lived credentials work just fine.
steep-sunset-89396
08/06/2022, 11:05 AMHave a good night đ
3 Views