breezy-butcher-78604
12/20/2019, 8:09 AMaws.iam.RolePolicy
and I want to refer to resources in the same AWS account that Pulumi won’t be aware of. for example, i want to do something like this
const taskPolicy = new aws.iam.RolePolicy("flow-log-service-policy", {
role: taskRole.id,
policy: {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: [
"logs:CreateLogStream",
"logs:PutLogEvents"
],
Resource: `arn:aws:logs:${pulumi.getAwsRegion}:${pulumi.getAwsAccountId}:log-group:my-log-group:*`
}
]
}
});
aws.getRegion()
and aws.getCallerIdentity()
does what I need