sparse-intern-71089
07/15/2020, 2:27 PMgentle-diamond-70147
07/15/2020, 3:33 PM.apply
for bucket
or content
in your aws.s3.BucketObject
. If you're just passing the output of one resource as the input to another resource, you can use the resource output directly.
So this:
const accessKeysInS3 = new aws.s3.BucketObject(
"access-keys-in-s3",
{
bucket: myS3Bucket.apply(bucket => bucket.id),
content: encryptedKeys.toString(),
key: "accesskeys.json.enc"
},
{ dependsOn: [userIamAccessKeys, encryptedKeys] }
);
can become this:
const accessKeysInS3 = new aws.s3.BucketObject(
"access-keys-in-s3",
{
bucket: myS3Bucket.bucket,
content: encryptedKeys.ciphertextBlob,
key: "accesskeys.json.enc"
},
{ dependsOn: [userIamAccessKeys, encryptedKeys] }
);
gentle-diamond-70147
07/15/2020, 3:34 PMuserIamAccessKeys
you do need to create your plaintext
input in a different way. The reason for this is because those outputs (userIamAccessKeys.id
and userIamAccessKeys.secret
) are not yet known until AWS assigns them you need to tell Pulumi to wait for them to become available. Using pulumi.interpolate
is the easiest way in this case.gentle-diamond-70147
07/15/2020, 3:35 PMgentle-diamond-70147
07/15/2020, 3:36 PM% aws s3 cp s3://$(pulumi stack output bucketName)/accesskeys.json.enc -
AQICAHgynVhNR5sTVMKg1GXDsF3vTA1FT5McgyMgENLw4aITywE1avXQZYL301sbg/UnP/FlAAAA5jCB4wYJKoZIhvcNAQcGoIHVMIHSAgEAMIHMBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDINNGvlWSXl4unm+hAIBEICBnmq+JUNE4DPlEhHK5c5CTH3SJ8DFwosDp/tcM6ONQ6zJBwwho7I1IFzdq6NUXiWZ5JlkNLvR8blqWll4tionhUWfOR1NM2CLWuBMRFTXux15kBPKo8l3UY+1q7jp4r0eONUFweQCdrXX/36JQf8OKOY8Ed9SgeXSSW1Tgnnw5B4AJqR1S+0hc33QAupyg0/C0fQmZwsRGE2lasvwTIw4
salmon-ghost-86211
07/15/2020, 3:41 PM