Hi. I want to use RoleForServiceAccountsEks (
https://www.pulumi.com/registry/packages/aws-iam/api-docs/roleforserviceaccountseks/#aws-iam-roleforserviceaccountseks) to create an IAM role assumable by an k8s EKS service account. The example code in typescript however produce the following error:
Diagnostics:
pulumi
pulumiStack (EKS-cluster-mystack):
error: Error: failed to register new resource aws-iam-example-role-for-service-accounts-eks [aws-iam
indexRoleForServiceAccountsEks]: 2 UNKNOWN: marshaling properties: awaiting input property "role": cannot marshal an input of type pulumi.StringOutput with element type string as a value of type pulumi.StringOutput
at Object.registerResource (/home/abrusci/test-pulumi/test-pulumi-aws-ITN-Node/node_modules/@pulumi/runtime/resource.ts
42127)
at new Resource (/home/abrusci/test-pulumi/test-pulumi-aws-ITN-Node/node_modules/@pulumi/resource.ts
49013)
at new ComponentResource (/home/abrusci/test-pulumi/test-pulumi-aws-ITN-Node/node_modules/@pulumi/resource.ts
9949)
at new RoleForServiceAccountsEks (/home/abrusci/test-pulumi/test-pulumi-aws-ITN-Node/node_modules/@pulumi/roleForServiceAccountsEks.ts
999)
at Object.<anonymous> (/home/abrusci/test-pulumi/test-pulumi-aws-ITN-Node/cluster.ts
27442)
at Module._compile (node
internal/modules/cjs/loader1155:14)
at Module.m._compile (/home/abrusci/test-pulumi/test-pulumi-aws-ITN-Node/node_modules/ts-node/src/index.ts
43923)
at Module._extensions..js (node
internal/modules/cjs/loader1209:10)
at Object.require.extensions.<computed> [as .ts] (/home/abrusci/test-pulumi/test-pulumi-aws-ITN-Node/node_modules/ts-node/src/index.ts
44212)
at Module.load (node
internal/modules/cjs/loader1033:32)
Here the code used:
export const roleForServiceAccountsEks = new iameks.RoleForServiceAccountsEks(
"aws-iam-example-role-for-service-accounts-eks",
{
role: {
name: "vpccni"
},
tags: {
Name: "vpc-cni-irsa"
},
oidcProviders: {
main: {
providerArn:
"arn
awsiam
xxxxxxxxxxxxoidc-provider/oidc.eks.eu-central-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXX",
namespaceServiceAccounts: ["default:my-app"]
}
},
policies: {
vpnCni: {
attach: true,
enableIpv4: true
}
}
}
);
Thanks for support.
BR