Hi. I want to use RoleForServiceAccountsEks (https://www.pulumi.com/registry/packages/aws-iam/api-docs/roleforserviceaccountseks/#aws-iam-roleforserviceaccountseks) to create an IAM role assumable by an k8s EKS service account. The example code in typescript however produce the following error: Diagnostics: pulumipulumiStack (EKS-cluster-mystack): error: Error: failed to register new resource aws-iam-example-role-for-service-accounts-eks [aws-iamindexRoleForServiceAccountsEks]: 2 UNKNOWN: marshaling properties: awaiting input property "role": cannot marshal an input of type pulumi.StringOutput with element type string as a value of type pulumi.StringOutput at Object.registerResource (/home/abrusci/test-pulumi/test-pulumi-aws-ITN-Node/node_modules/@pulumi/runtime/resource.ts42127) at new Resource (/home/abrusci/test-pulumi/test-pulumi-aws-ITN-Node/node_modules/@pulumi/resource.ts49013) at new ComponentResource (/home/abrusci/test-pulumi/test-pulumi-aws-ITN-Node/node_modules/@pulumi/resource.ts9949) at new RoleForServiceAccountsEks (/home/abrusci/test-pulumi/test-pulumi-aws-ITN-Node/node_modules/@pulumi/roleForServiceAccountsEks.ts999) at Object.<anonymous> (/home/abrusci/test-pulumi/test-pulumi-aws-ITN-Node/cluster.ts27442) at Module._compile (nodeinternal/modules/cjs/loader1155:14) at Module.m._compile (/home/abrusci/test-pulumi/test-pulumi-aws-ITN-Node/node_modules/ts-node/src/index.ts43923) at Module._extensions..js (nodeinternal/modules/cjs/loader1209:10) at Object.require.extensions.<computed> [as .ts] (/home/abrusci/test-pulumi/test-pulumi-aws-ITN-Node/node_modules/ts-node/src/index.ts44212) at Module.load (nodeinternal/modules/cjs/loader1033:32) Here the code used: export const roleForServiceAccountsEks = new iameks.RoleForServiceAccountsEks( "aws-iam-example-role-for-service-accounts-eks", { role: { name: "vpccni" }, tags: { Name: "vpc-cni-irsa" }, oidcProviders: { main: { providerArn: "arnawsiamxxxxxxxxxxxxoidc-provider/oidc.eks.eu-central-1.amazonaws.com/id/XXXXXXXXXXXXXXXXXX", namespaceServiceAccounts: ["default:my-app"] } }, policies: { vpnCni: { attach: true, enableIpv4: true } } } ); Thanks for support. BR

I worked a PR for the karpenter role that actually ended up just exposing a deeper issue in the full pulumi code that comes from the cross-language generation portion. I imagine you could fairly easily resolve your current issue with the same style PR, and end up exposing the same underlying issue which I can't remember... but the last time I checked it was still open.

Hi @clever-dog-35937 and thanks for your reply. My intent is exactly that, install karpenter after the EKS cluster creation. Any suggestions on how to do that..?....thanks...

Took me awhile to get back around to digging it up, but after that PR was merged in it exposed this issue which is still open: https://github.com/pulumi/pulumi/issues/11726. I haven't taken the time to go back through and open another example issue with it, because all it would be doing it pointing back to the already open issue 😕 Watching that one for when it closes, one of my primary gripes with pulumi right now is that the teams will release something awesome in a blog post and then it becomes basically abandoned without getting past the POC stage into even some sort of expandable MVP. A la their eks blueprints and ssp https://www.pulumi.com/blog/eks-blueprints-for-pulumi/