rapid-portugal-24105
08/23/2022, 5:38 PMstocky-restaurant-98004
08/23/2022, 5:41 PMrapid-portugal-24105
08/23/2022, 5:45 PMstocky-restaurant-98004
08/23/2022, 5:49 PMaws sso login
. If you have to use IAM users with access keys, some tips:
1. Never put access keys (or any other secret) in anything that goes in source control. Use env vars.
2. First choice should be to have Pulumi run through a CI/CD pipeline, but if you can't or aren't ready to do that and need IAM users to run pulumi deploy
, use a hub-and-spoke model where low-priv users assume high-priv roles (you typically need FullAdmin to run Pulumi or any non-CF IaC tool b/c the API calls to create infra are made from your local machine)
3. Make sure you rotate your access keys regularlyrapid-portugal-24105
08/23/2022, 5:55 PMstocky-restaurant-98004
08/23/2022, 5:57 PMvictorious-church-57397
08/23/2022, 6:12 PMrapid-portugal-24105
08/23/2022, 6:12 PM