This message was deleted.
# aws
s
This message was deleted.
g
You don't need to do anything with
.apply
for
bucket
or
content
in your
aws.s3.BucketObject
. If you're just passing the output of one resource as the input to another resource, you can use the resource output directly. So this:
Copy code
const accessKeysInS3 = new aws.s3.BucketObject(
    "access-keys-in-s3",
    {
        bucket: myS3Bucket.apply(bucket => bucket.id),
        content: encryptedKeys.toString(),
        key: "accesskeys.json.enc"
    },
    { dependsOn: [userIamAccessKeys, encryptedKeys] }
);
can become this:
Copy code
const accessKeysInS3 = new aws.s3.BucketObject(
    "access-keys-in-s3",
    {
        bucket: myS3Bucket.bucket,
        content: encryptedKeys.ciphertextBlob,
        key: "accesskeys.json.enc"
    },
    { dependsOn: [userIamAccessKeys, encryptedKeys] }
);
But, since you are manipulating the values of your
userIamAccessKeys
you do need to create your
plaintext
input in a different way. The reason for this is because those outputs (
userIamAccessKeys.id
and
userIamAccessKeys.secret
) are not yet known until AWS assigns them you need to tell Pulumi to wait for them to become available. Using
pulumi.interpolate
is the easiest way in this case.
So your complete code should look like the attached (with some added at the top for me to test it).
If I view the bucket object after I get what looks like real ciphertext:
Copy code
% aws s3 cp s3://$(pulumi stack output bucketName)/accesskeys.json.enc -
AQICAHgynVhNR5sTVMKg1GXDsF3vTA1FT5McgyMgENLw4aITywE1avXQZYL301sbg/UnP/FlAAAA5jCB4wYJKoZIhvcNAQcGoIHVMIHSAgEAMIHMBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDINNGvlWSXl4unm+hAIBEICBnmq+JUNE4DPlEhHK5c5CTH3SJ8DFwosDp/tcM6ONQ6zJBwwho7I1IFzdq6NUXiWZ5JlkNLvR8blqWll4tionhUWfOR1NM2CLWuBMRFTXux15kBPKo8l3UY+1q7jp4r0eONUFweQCdrXX/36JQf8OKOY8Ed9SgeXSSW1Tgnnw5B4AJqR1S+0hc33QAupyg0/C0fQmZwsRGE2lasvwTIw4
s
Thank you so much. I really appreciate your help.
👍 1