No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hey Guys,
I’m trying to create an aws eks cluster and i’m running into IAM authorizations error about “AssumeRole”, this is the output :
`arn:aws:iam::111111111:user/pulumi-dev is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::111111111:user/pulumi-dev`
I created a group for this user, gave it the sufficient permissions, also created a role that have this as the trust relationship :
```{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::076477451822:user/pulumi-dev"
            },
            "Action": "sts:AssumeRole"
        }
    ]
} ```
can you guys refer me to the right way to do this ?
Thanks, Raz.

Solved by better understanding of roles and trust relationship. thanks anyway :slightly_smiling_face:

How did you solve it? Someone else may find this question in the future :slightly_smiling_face:

Was it that the assuming was being done by a group, but the assumption was trusting a user?

Reading about aws roles and role-assuming made it more easier for me :slightly_smiling_face: