No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I'm using `localstack`.

Things I've tried:
1. Running the IAM commands directly with `aws --endpoint-url=<http://localhost:456> iam the-command...` -- works as expected.
2. Running `pulumi up` with all `aws:endpoints` included, *except* `cloudwatch` -- works as expected.
3. Eliminating all custom endpoints but `cloudwatch` and `iam` -- the `iam` endpoint is ignored in this minimal case.
4. Starting `localstack` with `SERVICES=iam,cloudwatch` -- the issue persists.

```➜ pulumi version
v2.8.2

➜ pip list | grep pulumi-aws
pulumi-aws             2.13.1

➜ python --version
Python 3.8.5```

Similarly, when any of the `iam`, `cloudwatch`, or `sns` endpoints is set, the `s3` endpoint is ignored and requests are sent to `<http://s3.amazonaws.com|s3.amazonaws.com>` .

Also, when both `iam` and `s3` endpoints are set, the `iam` requests are sent to `<http://iam.amazonaws.com|iam.amazonaws.com>`.

To eliminate `localstack`  and the aws terraform provider as the sources of the issue, I've successfully created the resources via the `aws` CLI tool and also via `terraform apply` .

For anyone following along, the endpoints must be specified like this:
```aws:endpoints:
- s3: '...'
  iam: '...'
  ec2: '...'
  ...```
and *not* like this:
```aws:endpoints:
- s3: '...'
- iam: '...'
- ec2: '...'
- ...```