https://pulumi.com logo
Title
a

acoustic-truck-53557

09/09/2022, 7:25 PM
Hi. I'm creating an AWS IAM user for Pulumi, but with the intent to only run
pulumi preview
. What is the appropriate permission to give to this user? Given that it will just "read"/"describe" elements on the infra, it won't change anything.
s

stocky-restaurant-98004

09/09/2022, 11:08 PM
Something like
arn:aws:iam::aws:policy/job-function/ViewOnlyAccess
If ViewOnly is hitting access issues, try
arn:aws:iam::aws:policy/ReadOnlyAccess
a

acoustic-truck-53557

09/13/2022, 7:34 PM
Thanks @stocky-restaurant-98004. It worked with
arn:aws:iam::aws:policy/job-function/ViewOnlyAccess
plus privileges to use KMS to decrypt secrets. Many thanks.
s

stocky-restaurant-98004

09/13/2022, 7:38 PM
You're most welcome! Please don't hesitate to reach out if you have any more trouble.