No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

<@U0338MQ85KN> I think the correct answer is to use AWS SSO :slightly_smiling_face: for human users, and use roles for CI/CD

<@U0338MQ85KN> create roles in each AWS account and use OIDC tokens:
<https://circleci.com/docs/2.0/openid-connect-tokens/>

<@UCWG26BH7>
Thank you sending this on, I don't have experience using aws sso with pulumi, if you any helpful pointers on this please send this on
Cheers

aws sso it just a mechanism to authenticate with AWS as a human user, you'd set it up inside your org management account and it allows you to authenticate to all other accounts in an AWS org

it's not really "pulumi" specific, it's just a better way of getting credentials

pulumi needs credentials to create infrastructure, and AWS gives you lots of ways to retrieve those credentials