No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

This highly depends on the environment, the least privilege principle is always the best but deployer roles often need much more so it requires some effort. This is IMO a good article providing at least some options <https://meirg.co.il/2021/04/23/determining-aws-iam-policies-according-to-terraform-and-aws-cli/>

<@U03K4SWU150> One suggestion - put the principal in one account dedicated for this purpose and use Assume Role to deploy to your app environments.

Our own <@UCWG26BH7> has you covered with this excellent blog post for more info: <https://leebriggs.co.uk/blog/2022/09/05/authenticating-to-aws-the-right-way>

Thank you, this is useful stuff both of you :+1: