No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hello everyone, just getting started with pulumi on aws... and I was wondering are access_key and secret_access_key required ? if I run pulumi on a ec2 server with a special IAM role, will pulumi use that role?

Yes - Pulumi will pick up AWS credentials from the environment it is running in using the standard chain of credentials sources as in <https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html>. This includes using the IAM role for an EC2 instance. 

i asked because i got a strange error from pulumi... but aws s3 rb worked

i'll keep digging :slightly_smiling_face:

Plan apply failed: deleting urn:pulumi:s3sigs-dev::s3sigs::aws:s3/bucket:Bucket::bucket-sigs-eu-west-1: error deleting S3 Bucket (bucket-sigs-eu-west-1-866216f): AccessDenied:No AWSAccessKey was presented.
    	status code: 403, request id: 3F4FDA77BE40BDE3, host id: jb0t+7lSOrH73lG1AJgc6ssL9PGf2HnbSGpaPKBVbaxbT0nhvTqAvSNHJbLHavQCT4Tx/3BD/9M=

it seems the problem is related to the fact that our security team blocked all other regions except us-east-1

"Sid": "DenyRegions",
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {
                "StringNotEquals": {
                    "aws:RequestedRegion": [
"us-east-1"

const bucket = new aws.s3.Bucket("bucket-sigs-eu-west-1", {
    region: "eu-west-1",
    website: {
      indexDocument: "index.html",
      errorDocument: "error.html"
    }
})

thank you for confirming the credentials chain