Pulumi IAM Expands: Manage Access at Scale with Tags, Roles, and Teams
Blog post from Pulumi
Pulumi has introduced advanced features for managing permissions at scale: tag-based access control, team role assignments, and user role assignments, aimed at enhancing security and efficiency in CI/CD pipelines. Tag-based access control lets organizations grant permissions dynamically based on entity tags across infrastructure as code (IaC) stacks, environments, and accounts, which simplifies managing large numbers of resources without manual configuration. Custom roles can now be assigned directly to teams, so members inherit the team's permissions as they join, and roles can be assigned to individual users whose responsibilities span multiple teams. Permissions in Pulumi are additive: a user receives the combined permissions of all roles assigned to them or to their teams. These capabilities are available through the Pulumi Cloud console and REST API for organizations on the Pulumi Enterprise and Business Critical plans, offering a comprehensive solution for implementing least-privilege access control at scale.