This message was deleted.
# general
s
This message was deleted.
l
If the difference is between the state of the stack, and the state of the provider, then
pulumi refresh
or
pulumi up --refresh
should sort it.
If the difference is between the state of the stack in the UI and the state of the stack in the Pulumi database, then that would be a bug and you'd need help from Pulumi support.
What is the "pulumi console" and the "actual stack" in your case?
d
by pulumi console i mean what shows up under resources on
<http://app.pulumi.com|app.pulumi.com>
, and the actual stack i mean when i go on the AWS console and look at things like route53 or kms
when i do
pulumi up --refresh
i get this error
Error retreiving Projects: "AccessDeniedException: User: arn:aws:sts::1111111111:assumed-role/OrganizationAccountAccessRole/1111111111111111111 is not authorized to perform: codebuild:BatchGetProjects on resource:
what is that digit after the role? its too many digits to be an account
l
I think that's the role session ID?
I think only the permissions that OrganizationAccountAccessRole has would be important.
That said, I would recommend against using your org account for doing this work. It probably has lots of permissions, but you don't want to change the permissions it has. And you may want to change the permissions that your Pulumi programs have.
d
hmmm have a different account for the CI to make infra changes normally, but its broken so im using my account to debug it. that role has definitely more permissions tho. so im trying to figure out why i get that error
l
The codebuild permissoin is the only important one. Check that it's on OrganizationAccountAccessRole
There's no reason it would be, that role is for administration, not building.