Channels
#aws
Title
w
witty-ice-69000
08/13/2020, 4:21 PM Copy code
[10:53 AM] instance_assume_role_policy = iam.get_policy_document(
opts=pulumi.ResourceOptions(depends_on=[user], provider=provider),
statements=[
{
"actions": ["sts:AssumeRole"],
"effect": "Allow",
"principals": [
{"identifiers": [user.arn.apply(lambda arn: arn)], "type": "AWS"}
],
},
],
)d
delightful-controller-41497
08/13/2020, 4:24 PM"Repeated field Values has nil element"
You need to provide a "Values" parameter maybe?
w
witty-ice-69000
08/13/2020, 5:15 PMSo what is a "Values" parameter? According to the pulumi docs in this example https://www.pulumi.com/docs/reference/pkg/aws/iam/role/ all I've done is elaborated the example make a specific user ARN assume the role.
Figured out that the user ARN wasn't coming through for some reason. It looks like there is some kind of time out on the user creation that results in a null ARN being fed into the role policy.
I thought that using the
depends_on Copy code
user = iam.User(
"pulumi_user",
name=construct_iam_resource_name("iam_deployment"),
path=automata_iam_path,
tags={"purpose": "Account used to perform Pulumi stack updates on CI/CD."},
)
user_arn = user.arn.apply(lambda arn: arn)
instance_assume_role_policy = iam.get_policy_document(
opts=pulumi.ResourceOptions(depends_on=[user]),
statements=[
{
"actions": ["sts:AssumeRole"],
"effect": "Allow",
"principals": [{"identifiers": [user_arn], "type": "AWS"}],
},
],
version="2012-10-17",
)d
delightful-controller-41497
08/13/2020, 7:53 PMHave you tried without the apply() in
user.arnw
witty-ice-69000
08/13/2020, 7:57 PMUsing plain
user.arn