No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hmm, is there a way to use STS or assume role instead of a pretty permissive Role with access token for CI?
It would be cool to support <https://github.com/99designs/aws-vault>

Yep - Pulumi should already work with that tool.

You sure? Because it no longer uses the access token in .aws/ etc.

I haven’t tried it myself - but it sets the environment variables that Pulumi reads: <https://github.com/99designs/aws-vault/blob/master/README.md#security|https://github.com/99designs/aws-vault/blob/master/README.md#security>. 

Right, so our CI would have to execute aws-vault before running pulumi up.
I wonder how that works with Github Actions.