This message was deleted.
# awss
sparse-intern-71089
06/01/2023, 2:56 PMThis message was deleted.
b
billowy-army-68599
06/01/2023, 3:08 PM
Where are you using the using the bucket name? The issue doesn’t appear to be the stack ref
c
calm-queen-58154
06/01/2023, 3:09 PMIn an AppRunner policy (python code):
Copy code
"Resource": [f"arn:aws:s3:::{bucket}/*" for bucket in bucket_list],b
billowy-army-68599
06/01/2023, 3:09 PM
That’s the problem, you can’t interpolate an output like that
billowy-army-68599
06/01/2023, 3:10 PM
You need to use an apply
c
calm-queen-58154
06/01/2023, 3:10 PMOh!
calm-queen-58154
06/01/2023, 3:10 PMnot sure I understand what it means though
b
billowy-army-68599
06/01/2023, 3:11 PM
I’m in transit right now, once I get to a stopping point I’ll post a more thorough answer.
billowy-army-68599
06/01/2023, 3:11 PM
Are you familiar with outputs at all?
c
calm-queen-58154
06/01/2023, 3:11 PMnope
b
billowy-army-68599
06/01/2023, 3:12 PM
Okay, start with reading these
https://www.pulumi.com/docs/concepts/inputs-outputs/
https://leebriggs.co.uk/blog/2021/05/09/pulumi-apply.html
✅ 1
billowy-army-68599
06/01/2023, 3:12 PM
Then I’ll send the answer over when I get to a laptop
✅ 1
c
calm-queen-58154
06/01/2023, 3:13 PMnot much that is, besides using them in a way that worked fine
Copy code
subnets=core_stack_ref.get_output("defaultPrivateSubnetIds"),calm-queen-58154
06/01/2023, 5:41 PMI've a tried a ton of different things to no avail.
e.g.: this did not work
Copy code
name = bucket.apply(lambda v: f"prefix{v}suffix")b
billowy-army-68599
06/01/2023, 5:57 PM
Can you post the full code of the consuming stack
c
calm-queen-58154
06/02/2023, 7:38 AMI can post the bits that should be relevant, edited for clarity, python code
Copy code
# In core stack
# Create an aws.s3.BucketV2 resource with KMS server-side encryption
bucket = aws.s3.BucketV2(
"bucket",
tags={
"Environment": environment,
"Service": "core",
},
)
bucket_attachments_policy = aws.s3.BucketServerSideEncryptionConfigurationV2(
"bucket-policy",
bucket=bucket.id,
rules=[
aws.s3.BucketServerSideEncryptionConfigurationV2RuleArgs(
apply_server_side_encryption_by_default=aws.s3.BucketServerSideEncryptionConfigurationV2RuleApplyServerSideEncryptionByDefaultArgs(
kms_master_key_id=config.require("KMS_BUCKET_KEY"),
sse_algorithm="aws:kms",
),
bucket_key_enabled=True,
),
],
)
# Export the S3 bucket name
pulumi.export("bucket", bucket.id)
# In other stack that uses the core stack
# Fetch config values used throughout
core_org = config.require("core-org")
core_project = config.require("core-project")
core_stack_name = config.require("core-stack")
core_stack_ref = pulumi.StackReference(f"{core_org}/{core_project}/{core_stack_name}")
bucket = core_stack_ref.require_output("bucket")
bucket_list = [bucket]
apprunner_instance_policy_document = json.dumps(
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
],
"Effect": "Allow",
"Resource": [f"arn:aws:s3:::{bucket}/*" for bucket in bucket_list],
},
],
}
)b
billowy-army-68599
06/02/2023, 3:34 PM
Copy code
apprunner_instance_policy_document = pulumi.Output.json.dumps(
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
],
"Effect": "Allow",
"Resource": [
pulumi.Output.concat("arn:aws:s3:::", bucket),
],
},
],
}
)billowy-army-68599
06/02/2023, 3:34 PM
c
calm-queen-58154
06/02/2023, 6:12 PMthanks! will have a look on monday
5 Views