Is there a best-practice on how to determine the r...
# getting-started
Is there a best-practice on how to determine the required permissions on the cloud provider provisioning account used by Pulumi? e.g. I'm working through the AWS tutorial examples, and I'm finding myself guessing at the required permissions -- editing permissions on the service account as tasks fail. I'm new to Pulumi, so I may be missing something obvious.
iamlive works well with Pulumi:
This looks perfect! I am able to run iamlive, in proxy mode, and capture permissions for AWS CLI commands. But the Pulumi command is throwing an error about the x509 cert being signed by an unknown authority. This makes sense, since I'm MITM'ing myself. But is there an easy work-around?
Just found the solution.
creates a self-signed key and stores it in
. By adding and trusting that cert within my local keychain, it started working as expected. Thanks for the tip, @billowy-army-68599