early-rose-86563
05/06/2021, 8:36 PMpulumi up
or pulumi destroy
. Is there any way to log the exact AWS API request or AWS error reply ? Pulumi gives me an error like “*Error reading new Lambda permissions: AccessDeniedException: status code: 403, request id: 22b39a15-7ff2-4fda-abf4-e7b057e073ef*” , but I’m looking for something to tell me which IAM action(s) I need to add to my IAM role (such as “`lambda:listFunctions`”). I don’t want to just use “`lambda:*`” for security reasons. I don’t know if the vague error message is coming from AWS or Pulumi. Any ideas? (-v=9 did not log the details I seek.) Thanks!little-cartoon-10569
05/06/2021, 8:49 PMearly-rose-86563
05/06/2021, 9:02 PMred-match-15116
05/06/2021, 9:03 PM--logflow
along with --logtostderr -v=9
early-rose-86563
05/06/2021, 9:05 PMlittle-cartoon-10569
05/06/2021, 10:01 PM{ $.eventType = "AwsApiCall" && $.errorCode = "AccessDenied" }
. You can use { $.eventType = "AwsApiCall" && $.errorCode = "*" }
and narrow it from there.early-rose-86563
05/06/2021, 10:11 PMfresh-minister-66960
11/23/2022, 9:22 AM