Improve Error Handling

[dmattia]

trafficstars

Hello!

• Vote on this issue by adding a 👍 reaction
• To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already)

Issue details

I added a single aws-native resource to one of my stacks recently, and was able to apply easily locally, but on CI I was met with the error:

during any preview or up command. This message gives very little information about what the actual problem is, which ended up being that I needed to add some IAM permissions to our CI system.

This was immediately clear when I viewed the related CloudTrail logs related to this error:

I'm not sure if this is something AWS exposes through their API, but they definitely do know what the error is, as a nice error message was logged to CloudTrail, so it would be very helpful to have those messages propagate through to the Pulumi diagnostics.

Steps to reproduce

1. Create a resource with this provider
2. remove your permissions to describe that resource
3. run pulumi up
4. check the error message

Expected: A log explaining the missing permission would have been displayed Actual: I received a generic, non-helpful error message

[seanthingee]

I also had a similar experience when trying to create a IAM Role. I had an error, as it turned out, in the assumeRolePolicyDocument (trust policy). AWS native gives this error:

aws-native:iam:Role (deploy-role):
  error: operation UPDATE failed with "InvalidRequest": Syntax error at position (1,102) (Service: Iam, Status Code: 400, Request ID: 71643922-55f4-4993-b52e-43823a64c913)

Whereas AWS classic shows this error message which was much more helpful to me.

aws:iam:Role (deploy-role):
  error: 1 error occurred:
    * creating IAM Role (DeployRole): MalformedPolicyDocument: Syntax error at position (1,79)
    status code: 400, request id: 660850b4-8e8e-46a2-9225-62ac231111f9