This message was deleted.
# typescript
s
This message was deleted.
a
In the docs, I only see examples of
Resource: '*'
but I don’t want that. And I think the arn is not resolved at the time of execution for the Policy. Is this correct?
m
Your output isn't applied which results in a malformed JSON document
what is
Action: [DBAction.Put]
?
I think you have to apply
confirmUserIamRolePolicy
's arn
Also, you might using interpolate instead.
Copy code
pulumi.interpolate`${usersTable.arn}`,
fwiw, here's an example of something similar I have:
Copy code
new aws.iam.RolePolicyAttachment(
  `${appName}-lambda-role-attachment`,
  {
    role: applicationRole,
    policyArn: new aws.iam.Policy(`${appName}-lambda-policy`, {
      policy: {
        Version: "2012-10-17",
        Statement: [
          {
            Sid: "DynamoDBCrud",
            Effect: "Allow",
            Action: [
              "dynamodb:GetItem",
              "dynamodb:DeleteItem",
              "dynamodb:PutItem",
              "dynamodb:Scan",
              "dynamodb:Query",
              "dynamodb:UpdateItem",
              "dynamodb:BatchWriteItem",
              "dynamodb:BatchGetItem",
              "dynamodb:DescribeTable",
              "dynamodb:ConditionCheckItem",
            ],
            Resource: [
              pulumi.interpolate`${eventTransactionsDdbTableArn}`,
              pulumi.interpolate`${eventTransactionsDdbTableArn}/index/*`,
            ]
🙌 1
a
Perfect! Thank you very much!