This message was deleted.
# aws
s
This message was deleted.
b
@stocky-petabyte-29883 I think the correct answer is to use AWS SSO 🙂 for human users, and use roles for CI/CD
which CI/CD tool are you using?
s
circle ci
b
@stocky-petabyte-29883 create roles in each AWS account and use OIDC tokens: https://circleci.com/docs/2.0/openid-connect-tokens/
s
@billowy-army-68599 Thank you sending this on, I don't have experience using aws sso with pulumi, if you any helpful pointers on this please send this on Cheers
b
aws sso it just a mechanism to authenticate with AWS as a human user, you'd set it up inside your org management account and it allows you to authenticate to all other accounts in an AWS org
it's not really "pulumi" specific, it's just a better way of getting credentials
pulumi needs credentials to create infrastructure, and AWS gives you lots of ways to retrieve those credentials
s
Cheers