This message was deleted.

sparse-intern-71089

09/29/2022, 10:07 AM

This message was deleted.

steep-lamp-20408

09/29/2022, 10:26 AM

Solved, thanks to the first answer here: https://stackoverflow.com/questions/42444130/python-multi-line-json-and-variables We just need to do this:

Copy code

import pulumi_aws as aws

iam_role = aws.iam.Role(
        "my-role",
        name="my-role",
        assume_role_policy="""{
                ...
            }
        """,
        inline_policies=[
            aws.iam.RoleInlinePolicyArgs(
                name=f"my-policy-{stack_name}",
                policy="""{
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Effect": "Allow",
                                    "Action": [
                                        "dynamodb:BatchGetItem",
                                        "dynamodb:GetItem",
                                        "dynamodb:Query",
                                        "dynamodb:Scan",
                                    ],
                                    "Resource": "arn:aws:dynamodb:ap-northeast-1:123456:table/myTablesPrefix-{stack_name}-*"
                                }
                            ]
                        }
                    """.format(stack_name=stack_name)
            ),
        ],
    )

stocky-restaurant-98004

09/29/2022, 1:59 PM

I think you'll have an easier time with IAM policies using

json.dumps

for what it's worth. Writing a Python map is significantly easier and less fragile.

45 Views

Open in Slack

Previous Next

Pulumi Community

No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.