stocky-spoon-28903
08/08/2018, 6:46 PMstocky-spoon-28903
08/08/2018, 6:46 PMstocky-spoon-28903
08/08/2018, 7:35 PMstocky-spoon-28903
08/08/2018, 8:46 PMstocky-spoon-28903
08/08/2018, 10:38 PMdependsOn
works across other components?bland-lamp-97030
08/08/2018, 11:05 PMstocky-spoon-28903
08/08/2018, 11:05 PMbland-lamp-97030
08/08/2018, 11:06 PMstocky-spoon-28903
08/08/2018, 11:06 PMbland-lamp-97030
08/08/2018, 11:07 PMstocky-spoon-28903
08/08/2018, 11:08 PMstocky-spoon-28903
08/08/2018, 11:08 PMmicroscopic-florist-22719
bland-lamp-97030
08/08/2018, 11:09 PMstocky-spoon-28903
08/08/2018, 11:09 PMbland-lamp-97030
08/08/2018, 11:09 PMResource: aws.getCallerIdentity().then(resp => arn:aws:ssm:${region}:${resp.accountId}:parameter/myapp*)
bland-lamp-97030
08/08/2018, 11:10 PMbland-lamp-97030
08/08/2018, 11:10 PMmicroscopic-florist-22719
microscopic-florist-22719
bland-lamp-97030
08/08/2018, 11:11 PMbland-lamp-97030
08/08/2018, 11:11 PMconst policy = new aws.iam.RolePolicy("ksub-application-role-policy", {
role: role.name,
policy: JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Action: ["ssm:GetParameters"],
Effect: "Allow",
Resource: aws.getCallerIdentity().then(resp => `arn:aws:ssm:${region}:${resp.accountId}:parameter/KSUB_*`), // how??
},
{
Action: ["kms:Decrypt"],
Effect: "Allow",
Resource: kmsKey.arn,
},
{
Action: [
"autoscaling:Describe*",
"ec2:Describe*",
"ec2:Get*",
"ecs:Describe*",
"ecs:List*",
"elasticache:Describe*",
"elasticache:List*",
"elasticloadbalancing:Describe*",
"iam:Get*",
"iam:List*",
"ssm:DescribeParameters",
"rds:Describe*",
"rds:List*",
],
Effect: "Allow",
Resource: "*",
},
],
}),
});
stocky-spoon-28903
08/08/2018, 11:11 PMbland-lamp-97030
08/08/2018, 11:11 PMbland-lamp-97030
08/08/2018, 11:12 PMmicroscopic-florist-22719
const policy = new aws.iam.RolePolicy("ksub-application-role-policy", {
role: role.name,
policy: aws.getCallerIdentity().then(resp => JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Action: ["ssm:GetParameters"],
Effect: "Allow",
Resource: `arn:aws:ssm:${region}:${resp.accountId}:parameter/KSUB_*`,
},
{
Action: ["kms:Decrypt"],
Effect: "Allow",
Resource: kmsKey.arn,
},
{
Action: [
"autoscaling:Describe*",
"ec2:Describe*",
"ec2:Get*",
"ecs:Describe*",
"ecs:List*",
"elasticache:Describe*",
"elasticache:List*",
"elasticloadbalancing:Describe*",
"iam:Get*",
"iam:List*",
"ssm:DescribeParameters",
"rds:Describe*",
"rds:List*",
],
Effect: "Allow",
Resource: "*",
},
],
})),
});
stocky-spoon-28903
08/08/2018, 11:13 PMbland-lamp-97030
08/08/2018, 11:13 PMstocky-spoon-28903
08/08/2018, 11:14 PMpulumi.all
for if you need to depend on multiple promised parametersstocky-spoon-28903
08/09/2018, 11:25 AMDo you want to perform this update? yes
Updating stack 'vault-dev'
Performing changes:
Type Name Status Info
* pulumi:pulumi:Stack pulumi-vault-test-vault-dev done
* └─ operator-error:aws:vault:VaultServers algo-vault-servers unchanged
~ └─ aws:ec2:SecurityGroup algo-vault-server-sg **updating failed** changes: ~ ingress, 2 errors
Diagnostics:
aws:ec2:SecurityGroup: algo-vault-server-sg
error: Plan apply failed: updating urn:pulumi:vault-dev::pulumi-vault-test::operator-error:aws:vault:VaultServers$aws:ec2/securityGroup:SecurityGroup::algo-vault-server-sg: Error revoking security group ingress rules: InvalidPermission.NotFound: The specified rule does not exist in this security group.
status code: 400, request id: 72b0d525-f31f-4fff-a0dc-7229cfb50af3
error: update failed
info: no changes required:
50 resources unchanged