# general
b
You can have something like this in your stack config:
config:
  aws:region: us-east-1
  aws:allowedAccountIds: ['123456789012']
  aws:assumeRole:
    roleArn: arn:aws:iam::123456789012:role/someRole
    sessionName: pulumi
f
Can you point me to any documentation to properly setup a role for pulumi in AWS?
I could probably wing it by creating something that has admin access to everything, but I'd rather learn what is actually needed
thank you for your help btw
b
Well that's not really Pulumi's responsibility, you need to give the role permissions to manipulate the resources Pulumi will handle
so if you want to create S3 buckets from Pulumi, well you need to give that role permissions to manipulate S3 buckets (either all of them, or specific ones)
That's an AWS thing, and IAM roles and policies are a PITA on AWS
f
yeah that makes sense. So when you're working with this, do you go least privilege first and then add permissions as you go?
is that best practice
b
yes but it can be annoying
What I would recommend, if you're just starting out, is to declare your resources in Pulumi, and then do the preview/up/destroy operations. Pulumi is going to spit out permission errors and you can use them to set up your IAM policies
it's not the cleanest way but it'll show you exactly which permissions you need, when you need them
b
I haven't tried this myself (yet) but there's a tool here to generate IAM policy documents from calls from the Pulumi CLI: https://github.com/iann0036/iamlive