So when using cloudformation templates, there’s special variable I can use to refer to the account id and/or the template is being deployed into. does a similar thing exist in pulumi? For example I’m creating a

aws.iam.RolePolicy

and I want to refer to resources in the same AWS account that Pulumi won’t be aware of. for example, i want to do something like this

const taskPolicy = new aws.iam.RolePolicy("flow-log-service-policy", {
    role: taskRole.id,
    policy: {
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Action: [
                    "logs:CreateLogStream",
                    "logs:PutLogEvents"
                ],
                Resource: `arn:aws:logs:${pulumi.getAwsRegion}:${pulumi.getAwsAccountId}:log-group:my-log-group:*`
            }
        ]
    }
});