Reviving my question from yesterday: how can I read NACL rules (not managed by Pulumi)? The getNetworkAcls function seems to hide the "Entries" part of what's returned from the SDK's DescribeNetworkAcls, so I can inspect the rules programmatically. I tried used the SDK directly, but this is problematic because I don't have any creds available to get a client, I only have the Pulumi provider, which doesn't expose the creds.

Regarding the second part of your question, you can use boto3 and sts to get the credentials if you're using Python. I don't know about the other languages, but I'm pretty sure there is something similar.