# aws
g
UNREADABLE POLICY CHANGES: When previewing and looking at the diff for Role policies. The Role policies come out as unreadable JSON text and not as a spread-out, readable change. Can it be spread out somehow?
```
~ assumeRolePolicy: "\"{\\\"Statement\\\":[{\\\"Action\\\":\\\"sts:AssumeRoleWithWebIdentity\\\",\\\"Condition\\\":{\\\"StringEquals\\\":{\\\"oidc.eks.eu-north-1.amazonaws.com/id/**:sub\\\":[\\\"system:serviceaccount:di-auth:di-auth\\\",\\\"system:serviceaccount:di-auth:di-auth-some-service\\\",\\\"system:serviceaccount:some-other-namespace:some-other-service\\\"]}},\\\"Effect\\\":\\\"Allow\\\",\\\"Principal\\\":{\\\"Federated\\\":\\\"arn:aws:iam::**:oidc-provider/oidc.eks.eu-north-1.amazonaws.com/id/**\\\"},\\\"Sid\\\":\\\"trustEksOidcMultipleServices\\\"}],\\\"Version\\\":\\\"2012-10-17\\\"}\"" => "\"{\\\"Statement\\\":[{\\\"Action\\\":\\\"sts:AssumeRoleWithWebIdentity\\\",\\\"Condition\\\":{\\\"StringEquals\\\":{\\\"oidc.eks.eu-north-1.amazonaws.com/id/**:sub\\\":[\\\"system:serviceaccount:di-auth:di-auth\\\",\\\"system:serviceaccount:di-auth:di-auth-some-service\\\",\\\"system:serviceaccount:some-other-namespace:some-other-service\\\"]}},\\\"Effect\\\":\\\"Allow\\\",\\\"Principal\\\":{\\\"Federated\\\":\\\"arn:aws:iam::**:oidc-provider-222/oidc.eks.eu-north-1.amazonaws.com/id/**\\\"},\\\"Sid\\\":\\\"trustEksOidcMultipleServices\\\"}],\\\"Version\\\":\\\"2012-10-17\\\"}\""
```
```typescript
import * as aws from "@pulumi/aws";
import { tags } from "./types";
import { PolicyDocument, PolicyStatement } from "@pulumi/aws/iam";

// ... (omitted in the original post)

// Trust policy: who is allowed to assume the role.
const assumeRolePolicy: PolicyDocument = {
    Version: "2012-10-17",
    Statement: [
        trustRelationshipStatement
    ]
};

// IAM role whose assumeRolePolicy shows up as an escaped JSON string in the preview diff.
const di_auth_service = new aws.iam.Role("di_auth_service", {
    assumeRolePolicy: assumeRolePolicy,
    managedPolicyArns: ["arn:aws:iam::aws:policy/AmazonSESFullAccess"],
    maxSessionDuration: 28800,
    name: "di-auth-service",
    tags: {
        ...tags,
        "asset-type": "IAM Role",
    },
}, {
    protect: true,
});

export const di_auth_service_role_arn = di_auth_service.arn;
```
s
Staff are going to ask you to make a ticket on GitHub with the steps you used to reproduce it.
a
Hi Thomas, thanks for reporting. Is this the same as https://github.com/pulumi/pulumi/issues/13981? If so, feel free to upvote that so we can better prioritize it.
g
Seems like it could be.
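
One way to review a trust-policy change like the one in the preview output above is to decode both sides and compare them path by path. This is an added example, not code from the thread or from Pulumi; the function names are hypothetical, and the sample input is constructed (one subject only, with `111122223333` and `EXAMPLE` standing in for the values redacted as `**`).

```javascript
// Added example (not from the thread): decode the nested JSON in a preview
// diff and report only the policy paths whose values changed.

// Parse repeatedly while the value is still a JSON-encoded string.
function decodeNested(text) {
  let value = text;
  while (typeof value === "string") {
    try { value = JSON.parse(value); } catch { break; }
  }
  return value;
}

// Flatten a document into { "Statement[0].Effect": "Allow", ... }.
function flatten(node, prefix = "", out = {}) {
  if (node === null || typeof node !== "object") { out[prefix] = node; return out; }
  for (const [key, child] of Object.entries(node)) {
    const path = Array.isArray(node) ? `${prefix}[${key}]` : prefix ? `${prefix}.${key}` : key;
    flatten(child, path, out);
  }
  return out;
}

// Return [{ path, before, after }] for every leaf that differs.
function diffPolicies(oldText, newText) {
  const before = flatten(decodeNested(oldText));
  const after = flatten(decodeNested(newText));
  const paths = [...new Set([...Object.keys(before), ...Object.keys(after)])].sort();
  return paths
    .filter((p) => before[p] !== after[p])
    .map((p) => ({ path: p, before: before[p], after: after[p] }));
}

// Constructed sample mirroring the preview: a policy JSON-encoded three times.
const OIDC = "oidc.eks.eu-north-1.amazonaws.com/id/EXAMPLE"; // placeholder id
const trustPolicy = (provider) => ({
  Statement: [{
    Action: "sts:AssumeRoleWithWebIdentity",
    Condition: { StringEquals: { [`${OIDC}:sub`]: ["system:serviceaccount:di-auth:di-auth"] } },
    Effect: "Allow",
    Principal: { Federated: `arn:aws:iam::111122223333:${provider}/${OIDC}` },
    Sid: "trustEksOidcMultipleServices",
  }],
  Version: "2012-10-17",
});
const asShownInPreview = (doc) => JSON.stringify(JSON.stringify(JSON.stringify(doc)));
const OLD_SIDE = asShownInPreview(trustPolicy("oidc-provider"));
const NEW_SIDE = asShownInPreview(trustPolicy("oidc-provider-222"));

for (const c of diffPolicies(OLD_SIDE, NEW_SIDE)) {
  console.log(`~ ${c.path}\n    - ${c.before}\n    + ${c.after}`);
}
```

For the sample, the only path reported is `Statement[0].Principal.Federated`, which is the part of a trust policy a reviewer most needs to see when the federated principal changes.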