Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
c
chilly-magazine-6129
02/27/2021, 11:07 PMđź‘‹ hey folks - if there's a new AWS resource (like AWS Timestream) that isn't supported by Pulumi (yet) - what would be the right way to give a stack permissions to access it? I get a permissions error when trying to access it using the S3 client
w
white-balloon-205
02/28/2021, 4:57 AMWhen you say “give a stack permission to access it”, what exactly do you have in mind? If you need to construct IAM permissions, you should just be able to use the documented principals and resource arn formats that Timestream provides in their docs from your Pulumi IAM or related resources.
c
chilly-magazine-6129
03/01/2021, 5:24 PMThis is the kind of error we're seeing, and yes I assume it's giving the role more permissions - is there an example to follow on what that would look like? Also, everyone in our team loves Pulumi, from IT to the software engineers. I always feel I need to mention it because you guys are doing a fantastic job
Figured it out - It was as easy as creating another attached policy and associate it with the same role. I think the less intuitive part (which arguably is because this was the first time we needed to do it) is not having an Array to pass these into vs. defining the objects and from there associating them with the role they'll be attached to. đź‘Ť All good on our end though