#aws

witty-ice-69000

08/13/2020, 4:21 PM
    instance_assume_role_policy = iam.get_policy_document(
        opts=pulumi.ResourceOptions(depends_on=[user], provider=provider),
        statements=[
            {
                "actions": ["sts:AssumeRole"],
                "effect": "Allow",
                "principals": [
                    {"identifiers": [user.arn.apply(lambda arn: arn)], "type": "AWS"}
                ],
            },
        ],
    )

delightful-controller-41497

08/13/2020, 4:24 PM
"Repeated field Values has nil element" You need to provide a "Values" parameter maybe?

witty-ice-69000

08/13/2020, 5:15 PM
So what is a "Values" parameter? According to the Pulumi docs in this example https://www.pulumi.com/docs/reference/pkg/aws/iam/role/ all I've done is elaborate the example to make a specific user ARN assume the role.
Figured out that the user ARN wasn't coming through for some reason. It looks like there is some kind of timeout on the user creation that results in a null ARN being fed into the role policy. I thought that using the depends_on ResourceOption parameter would gate the policy document on the user creation. Have I done something wrong, or is there a setting that needs to be applied? For context, the user creation looks like this:
    user = iam.User(
        "pulumi_user",
        name=construct_iam_resource_name("iam_deployment"),
        path=automata_iam_path,
        tags={"purpose": "Account used to perform Pulumi stack updates on CI/CD."},
    )

    user_arn = user.arn.apply(lambda arn: arn)

    instance_assume_role_policy = iam.get_policy_document(
        opts=pulumi.ResourceOptions(depends_on=[user]),
        statements=[
            {
                "actions": ["sts:AssumeRole"],
                "effect": "Allow",
                "principals": [{"identifiers": [user_arn], "type": "AWS"}],
            },
        ],
        version="2012-10-17",
    )

delightful-controller-41497

08/13/2020, 7:53 PM
Have you tried without the apply() in user.arn? I'm just guessing at this point

witty-ice-69000

08/13/2020, 7:57 PM
Using plain user.arn fails in the same way.