witty-ice-69000
08/13/2020, 4:21 PM[10:53 AM] instance_assume_role_policy = iam.get_policy_document(
opts=pulumi.ResourceOptions(depends_on=[user], provider=provider),
statements=[
{
"actions": ["sts:AssumeRole"],
"effect": "Allow",
"principals": [
{"identifiers": [user.arn.apply(lambda arn: arn)], "type": "AWS"}
],
},
],
)
delightful-controller-41497
08/13/2020, 4:24 PMwitty-ice-69000
08/13/2020, 5:15 PMdepends_on
ResourceOption parameter would gate the policy document on the user creation. Have I done something wrong, or is there a setting that needs to be applied?
For context, the user creation looks like this:
user = iam.User(
"pulumi_user",
name=construct_iam_resource_name("iam_deployment"),
path=automata_iam_path,
tags={"purpose": "Account used to perform Pulumi stack updates on CI/CD."},
)
user_arn = user.arn.apply(lambda arn: arn)
instance_assume_role_policy = iam.get_policy_document(
opts=pulumi.ResourceOptions(depends_on=[user]),
statements=[
{
"actions": ["sts:AssumeRole"],
"effect": "Allow",
"principals": [{"identifiers": [user_arn], "type": "AWS"}],
},
],
version="2012-10-17",
)
delightful-controller-41497
08/13/2020, 7:53 PMuser.arn
? I'm just guessing at this pointwitty-ice-69000
08/13/2020, 7:57 PMuser.arn
fails in the same way.