Is there documentation on the credentials needed f...
# general
Is there documentation on the credentials needed for a Pulumi preview command? I'd like to set up CI to preview with minimal permissions
Hi @ripe-dinner-40604, The credentials will still be the same required, i.e. if AWS then we need ACCESS_KEY_ID and SECRET_ACCESS_KEY etc
I mean the permissions that the AWS role would require
I'm going to make a special role with minimal IAM permissions preferably read-only since it's a
Sorry that was a poorly worded question 🙂
so that all depends on what your pulumi program is doing - IAM permissions / policies will be specific to each of the providers. So there is no base that we can suggest
Okay, can you confirm that it doesn't need write permissions to the objects ?
Copy code
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Action": [
    "Resource": "*"
After creating permissions for other resources than iam, I'm getting an interesting error on my Kubernetes preview
Copy code
❯ pulumi preview
Previewing update (dev):

     Type                                       Name         Plan     Info
     pulumi:pulumi:Stack                        kubiome-dev
     └─ kubernetes:<|>  fsx-sc                1 error

  kubernetes:<|> (fsx-sc):
    error: Failed to check for changes in resource default/fsx-sc because of an error communicating with the API server: the server has asked for the client to provide credentials