witty-king-53626
10/20/2023, 1:45 AM
pulumi up
. ?
My use case is:
The AWS Role must be created prior to passing a statement like
```
if (selfAssume) {
  statements.push({
    // yes this is self-assuming
    // see <https://aws.amazon.com/blogs/security/announcing-an-update-to-iam-role-trust-policy-behavior/>
    effect: 'Allow',
    actions: ['sts:AssumeRole'],
    principals: [{type: 'AWS', identifiers: [roleArn]}]
  })
}
```
Lest ye get the dreaded
```
* creating IAM Role ({redacted): MalformedPolicyDocument: Invalid principal in policy: "AWS":"arn:aws:iam::REDACTED:role/REDACTED
  status code: 400, request id: 432f4a8f-813b-413e-83b2-d2b6bf18cfd6
```
This error occurs because the resource doesn't exist when it is being created with its self-assuming ARN.
Any ideas?

little-cartoon-10569
10/22/2023, 10:58 PM

witty-king-53626
10/23/2023, 2:18 AM

little-cartoon-10569
10/23/2023, 6:27 PM

witty-king-53626
10/23/2023, 6:32 PM

little-cartoon-10569
10/23/2023, 6:37 PM