No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

If the difference is between the state of the stack, and the state of the provider, then `pulumi refresh` or `pulumi up --refresh` should sort it.

If the difference is between the state of the stack in the UI and the state of the stack in the Pulumi database, then that would be a bug and you'd need help from Pulumi support.

What is the "pulumi console" and the "actual stack" in your case?

by pulumi console i mean what shows up under resources on `<http://app.pulumi.com|app.pulumi.com>`, and the actual stack i mean when i go on the AWS console and look at things like route53 or kms

when i do `pulumi up --refresh` i get this error `Error retreiving Projects: "AccessDeniedException: User: arn:aws:sts::1111111111:assumed-role/OrganizationAccountAccessRole/1111111111111111111 is not authorized to perform: codebuild:BatchGetProjects on resource:` what is that digit after the role? its too many digits to be an account

I think only the permissions that OrganizationAccountAccessRole has would be important.

That said, I would recommend against using your org account for doing this work. It probably has lots of permissions, but you don't want to change the permissions it has. And you may want to change the permissions that your Pulumi programs have.

hmmm have a different account for the CI to make infra changes normally, but its broken so im using my account to debug it. that role has definitely more permissions tho. so im trying to figure out why i get that error

The codebuild permissoin is the only important one. Check that it's on OrganizationAccountAccessRole

There's no reason it would be, that role is for administration, not building.