salmon-ghost-86211
07/15/2020, 2:27 PM
userIamAccessKeys.id or userIamAccessKeys.secret is the only content on the BucketObject, it writes successfully.
If encryptedKeys ciphertext is the content, the text written is [object Object].
I can't seem to use toJSON or toString or .apply to build the ciphertext.
How do I pull out some details from the AccessKey, convert it to Ciphertext and insert it into the BucketObject content?
const userIamAccessKeys = new aws.iam.AccessKey(
  "iam-access-key",
  { user: iamUser.name, },
  { dependsOn: iamUser }
);
const encryptedKeys = new aws.kms.Ciphertext(
  "user-encrypted-keys",
  {
    keyId: myKms.keyId,
    plaintext: `{
      "access_key": ${userIamAccessKeys.id},
      "secret_key": ${userIamAccessKeys.secret}
    }
    `
  },
  { dependsOn: userIamAccessKeys }
);
// Store the already encrypted access keys in S3
const accessKeysInS3 = new aws.s3.BucketObject(
  "access-keys-in-s3",
  {
    bucket: myS3Bucket.apply(bucket => bucket.id),
    content: encryptedKeys.toString(),
    key: "accesskeys.json.enc"
  },
  { dependsOn: [userIamAccessKeys, encryptedKeys] }
);
gentle-diamond-70147
07/15/2020, 3:33 PM
.apply for bucket or content in your aws.s3.BucketObject. If you're just passing the output of one resource as the input to another resource, you can use the resource output directly.
So this:
const accessKeysInS3 = new aws.s3.BucketObject(
  "access-keys-in-s3",
  {
    bucket: myS3Bucket.apply(bucket => bucket.id),
    content: encryptedKeys.toString(),
    key: "accesskeys.json.enc"
  },
  { dependsOn: [userIamAccessKeys, encryptedKeys] }
);
can become this:
const accessKeysInS3 = new aws.s3.BucketObject(
  "access-keys-in-s3",
  {
    bucket: myS3Bucket.bucket,
    content: encryptedKeys.ciphertextBlob,
    key: "accesskeys.json.enc"
  },
  { dependsOn: [userIamAccessKeys, encryptedKeys] }
);
userIamAccessKeys you do need to create your plaintext input in a different way. The reason for this is because those outputs (userIamAccessKeys.id and userIamAccessKeys.secret) are not yet known until AWS assigns them; you need to tell Pulumi to wait for them to become available. Using pulumi.interpolate is the easiest way in this case.
% aws s3 cp s3://$(pulumi stack output bucketName)/accesskeys.json.enc -
AQICAHgynVhNR5sTVMKg1GXDsF3vTA1FT5McgyMgENLw4aITywE1avXQZYL301sbg/UnP/FlAAAA5jCB4wYJKoZIhvcNAQcGoIHVMIHSAgEAMIHMBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDINNGvlWSXl4unm+hAIBEICBnmq+JUNE4DPlEhHK5c5CTH3SJ8DFwosDp/tcM6ONQ6zJBwwho7I1IFzdq6NUXiWZ5JlkNLvR8blqWll4tionhUWfOR1NM2CLWuBMRFTXux15kBPKo8l3UY+1q7jp4r0eONUFweQCdrXX/36JQf8OKOY8Ed9SgeXSSW1Tgnnw5B4AJqR1S+0hc33QAupyg0/C0fQmZwsRGE2lasvwTIw4
salmon-ghost-86211
07/15/2020, 3:41 PM