No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

<https://pulumi-community.slack.com/archives/CRH5ENVDX/p1757431590703599?thread_ts=1757401745.581939&amp;cid=CRH5ENVDX>

Need to ensure that the AWS role used by Pulumi has the `CloudWatch Logs: CreateDelivery` permission for the target resource.

Need to look into this package to see how the permissions are defined
```usEast1Provider := provider.GetUsEast1Provider(ctx)```


Permissions are in place for User used by Pulumi.

Provider:

```var usEast1Provider pulumi.ProviderResource

func init() {
    usEast1Provider = nil
}
func GetUsEast1Provider(ctx *pulumi.Context) pulumi.ProviderResource {
    if usEast1Provider == nil {
       var err error
       usEast1Provider, err = aws.NewProvider(ctx, "us-east-1-provider", &amp;aws.ProviderArgs{
          Region: pulumi.String("us-east-1"),
       })
       if err != nil {
          log.Fatalf("Failed to create us-east-1 provider: %v", err)
       }
       log.Debug("Created us-east-1 provider for CloudFront-related resources")
    }
    return usEast1Provider
}```


When adding to Pulumi user Admin access, it was deployed successfully, hmmm