No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hi everyone,
I'm using Pulumi with the Automation API and running it in AWS CodeBuild and locally. I want to authenticate Pulumi with AWS *without using `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`*.
I know that AWS CodeBuild has an IAM role, but how do I ensure Pulumi picks it up? Also, for local development, what is the best practice—AWS profiles, AWS SSO, or something else?

The IAM role should just get used if its available. For local dev, AWS SSO is the correct way
<https://leebriggs.co.uk/blog/2022/09/05/authenticating-to-aws-the-right-way>

Yep... I set the `AWS_PROFILE` env var when running pulumi commands.  This way the same pulumi code will work in both places / anywhere

I run it from AWS Code Build but i get error:
`Command failed with exit code 255: pulumi up --yes --skip-preview --message Executed from codebuild --refresh --diff --parallel 1 --client=127.0.0.1:33929 --exec-kind auto.inline --stack platform-iac-bastion-role --non-interactive`
`621`
`error: pulumi:providers:aws resource 'default_6_56_0' has a problem: No valid credential sources found.`

can you run `aws sts get-caller-identity` before pulumi and see if you have a valid iam role

its also for Pulumi cloud?
i have valid iam role and ful access but i get error

What is the best practice in Pulumi Cloud?