Hi How is it possible to create an IAM Policy with the ARN f Pulumi Community #aws

Hi, How is it possible to create an IAM Policy wi...

billions-forest-38488

11/06/2020, 10:08 AM

Hi, How is it possible to create an IAM Policy with the ARN from an EBS created also within Pulumi: Python Pulumi code:

Copy code

ebs_volume = ebs.Volume(
    resource_name=f"{self.stack_name}-ebs",
    availability_zone=preferred_az,
    size=self.stack_config['ebs_volume_size'],
    encrypted=True,
    tags={
        'Name': f"{self.stack_name}-ebs-data",
    })

policy_params = {
    'EBS_ARN': ebs_volume.arn
}

policy = iam.Policy(
    resource_name=f'{self.stack_name}-instance-policy',
    opts=ResourceOptions(depends_on=[ebs_volume]),
    policy=render_jinja2_template('templates/instance_policy.json', policy_params)
)

Policy Doc snippet:

Copy code

{
    "Effect": "Allow",
    "Action": [
        "ec2:AttachVolume",
        "ec2:DetachVolume"
    ],
    "Resource": [
        "{{ EBS_ARN }}",
        "arn:aws:ec2:*:*:instance/*"
    ]
},

I currently get malformed policy due to

<pulumi.output.Output object at 0x7fb6e7a67880>

Any help would be greatly appreciated! thanks I don't understand how I can (for example): Create a RDS instance and then create a Route53 record based on the RDS endpoint output...

faint-table-42725

11/06/2020, 2:18 PM

This is where you’ll want to use

apply

(https://www.pulumi.com/docs/intro/concepts/programming-model/#outputs):

Copy code

policy=ebs_volume.arn.apply(lambda arn: render_jinja2_template('templates/instance_policy.json', { 'EBS_ARN': arn } )
))

billions-forest-38488

11/09/2020, 9:13 AM

@faint-table-42725 - thank you! reading up on this now!

Open in Slack

Previous Next