Channels
#general
Title
d
dry-teacher-74595
08/10/2021, 12:04 AMHey guys, i don’t know if this is a common problem. but it looks like my the list of AWS resources on pulumi console is out of date with the actual stack. and when i run
pulumi destroyl
little-cartoon-10569
08/10/2021, 12:09 AMIf the difference is between the state of the stack, and the state of the provider, then
pulumi refreshpulumi up --refreshIf the difference is between the state of the stack in the UI and the state of the stack in the Pulumi database, then that would be a bug and you'd need help from Pulumi support.
What is the "pulumi console" and the "actual stack" in your case?
d
dry-teacher-74595
08/10/2021, 12:37 AMby pulumi console i mean what shows up under resources on
<http://app.pulumi.com|app.pulumi.com>when i do
pulumi up --refreshError retreiving Projects: "AccessDeniedException: User: arn:aws:sts::1111111111:assumed-role/OrganizationAccountAccessRole/1111111111111111111 is not authorized to perform: codebuild:BatchGetProjects on resource:l
little-cartoon-10569
08/10/2021, 12:59 AMI think that's the role session ID?
I think only the permissions that OrganizationAccountAccessRole has would be important.
That said, I would recommend against using your org account for doing this work. It probably has lots of permissions, but you don't want to change the permissions it has. And you may want to change the permissions that your Pulumi programs have.
d
dry-teacher-74595
08/10/2021, 1:08 AMhmmm have a different account for the CI to make infra changes normally, but its broken so im using my account to debug it. that role has definitely more permissions tho. so im trying to figure out why i get that error
l
little-cartoon-10569
08/10/2021, 1:13 AMThe codebuild permissoin is the only important one. Check that it's on OrganizationAccountAccessRole
There's no reason it would be, that role is for administration, not building.
2 Views