pulumi-aws-native icon indicating copy to clipboard operation
pulumi-aws-native copied to clipboard

Published 20 hours ago verified publisher icon pulumi

IAM Access to cloudformation:CreateResource required to use AWS Native

Open pierskarsenbarg opened this issue 2 years ago • 2 comments

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

Due to the fact that AWS Native uses AWS Cloud Control API under the hood, access to at least cloudformation:CreateResource action is required (we've had this reported from a customer attempting to use this) although probably cloudformation:* is the best option.

Affected area/feature

AWS Native

pierskarsenbarg avatar Feb 16 '23 11:02 pierskarsenbarg

Do you think this needs a documentation update, and/or is it something that can be in a preflight check?

squaremo avatar Feb 17 '23 16:02 squaremo

@squaremo I think it would be great to have some documentation to inform our users. We all often assume that the deploying "user" has full admin privileges but it's not always the case.

aureq avatar Feb 17 '23 22:02 aureq