No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

My strategy that has worked pretty well with `aws sso`:
• Unless specifying a different provider region, just use the default AWS providers
• To deploy under a separate IAM role, run something like `AWS_PROFILE=staging pulumi up`, where `staging` is a role in the `~/.aws/config` file
• On CI, you just need to assume whatever AWS role you need before running any Pulumi commands and the auth works there too

^ This also works well with `aws-vault` if you use that to manage local credentials

Note that AWS SSO is specifically intended for interactive logins, and there are alternative techniques better suited for use by headless / service user logins. I found this out at the cost of several days' work recently when trying to get AWS SSO + GitHub pipelines to work with various stale hacks I found laying around the place. Dropping SSO in favour of AWS' recent support for GitHub's OIDC service was the correct solution in this case.