p
since I used the function s3.NewBucketPolicy to create the permissions, I can't use it again with a different OAI ID, since I get the error:
Duplicate resource URN 'urn:pulumi:staging::my-bucket::aws:s3/bucketV2:BucketV2::my-bucket'; try giving it a unique name
b
@prehistoric-sandwich-7272 can you share your code?
p
@billowy-army-68599
import (
   "fmt"

   // Import paths assume pulumi-aws v5 (where BucketV2 / BucketObjectv2 live) and pulumi SDK v3.
   "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
   s3Pkg "github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
   "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// The following runs inside pulumi.Run(func(ctx *pulumi.Context) error { ... }).
// oaiArn is assumed to be a pulumi.StringOutput holding the OAI's IAM ARN.

// Create the "folder": a zero-byte object whose key ends in "/" in the existing bucket.
_, err := s3Pkg.NewBucketObjectv2(ctx, "test-folder", &s3Pkg.BucketObjectv2Args{
   Key:    pulumi.String("test-folder/test-directory/"),
   Bucket: pulumi.String("my-bucket"),
})
if err != nil {
   return fmt.Errorf("creating folder object: %w", err)
}

// Read the existing bucket by ID (for S3 the ID is the bucket name) so its ARN is available.
bucketObject, err := s3Pkg.GetBucketV2(ctx, "my-bucket", pulumi.ID("my-bucket"), nil)
if err != nil {
   return fmt.Errorf("getting bucket: %w", err)
}

// Policy document granting the OAI read access to every object in the bucket.
// GetPolicyDocumentOutput accepts Pulumi inputs, so oaiArn and the bucket ARN are passed
// directly; the pulumi.All/ApplyT wrapper is not needed (it also left bucketObject and
// allowAccessFromOai out of scope for NewBucketPolicy below).
allowAccessFromOai := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
   Statements: iam.GetPolicyDocumentStatementArray{
      &iam.GetPolicyDocumentStatementArgs{
         Sid: pulumi.String("my-bucket"),
         Principals: iam.GetPolicyDocumentStatementPrincipalArray{
            &iam.GetPolicyDocumentStatementPrincipalArgs{
               Type:        pulumi.String("AWS"),
               Identifiers: pulumi.StringArray{oaiArn},
            },
         },
         Actions: pulumi.StringArray{pulumi.String("s3:GetObject")},
         Resources: pulumi.StringArray{
            // Object-level ARN: "<bucket arn>/*"
            bucketObject.Arn.ApplyT(func(arn string) (string, error) {
               return fmt.Sprintf("%v/*", arn), nil
            }).(pulumi.StringOutput),
         },
      },
   },
})

// Attach the rendered JSON as the bucket policy.
_, err = s3Pkg.NewBucketPolicy(ctx, "allowAccessFromOai", &s3Pkg.BucketPolicyArgs{
   Bucket: bucketObject.ID(),
   Policy: allowAccessFromOai.ApplyT(func(doc iam.GetPolicyDocumentResult) (string, error) {
      return doc.Json, nil
   }).(pulumi.StringOutput),
})
if err != nil {
   return fmt.Errorf("creating bucket policy: %w", err)
}
That's without the bucket creation, which is not really relevant. So after the above code is done (folder creation inside the S3 bucket + OAI + bucket permissions), I want to run the above code with a different folder inside the same bucket, and add to the same bucket permissions.
The before and after are above in my first message, the two JSONs.
b
You should be able to create a new policy and use NewBucketPolicyAttachment without much issue; the duplicate URN thing is because you're giving both resources the same name.
If you get to the stage where you get that error again and share the code, I can help you fix it.
p
@billowy-army-68599 so the error was indeed caused by the duplicate resource names, so I changed it and it was fixed. Now when I run the code for the second service I get no error (yay), but the bucket policy is overwritten.
@billowy-army-68599 any way to just add a statement to an existing s3 bucket policy?
b
Unfortunately not, BucketPolicy doesn't have a PolicyAttachment-like mechanism, I'm afraid. You'll need to create the policy in one go.
p
@billowy-army-68599 ended up writing a package that adds a permission statement to a policy JSON and creates a new bucket permission with it.. maybe I will open a PR soon for you guys 😜