https://pulumi.com logo
#aws
Title
# aws
b

billions-forest-38488

11/06/2020, 10:08 AM
Hi, How is it possible to create an IAM Policy with the ARN from an EBS created also within Pulumi: Python Pulumi code:
Copy code
ebs_volume = ebs.Volume(
    resource_name=f"{self.stack_name}-ebs",
    availability_zone=preferred_az,
    size=self.stack_config['ebs_volume_size'],
    encrypted=True,
    tags={
        'Name': f"{self.stack_name}-ebs-data",
    })

policy_params = {
    'EBS_ARN': ebs_volume.arn
}

policy = iam.Policy(
    resource_name=f'{self.stack_name}-instance-policy',
    opts=ResourceOptions(depends_on=[ebs_volume]),
    policy=render_jinja2_template('templates/instance_policy.json', policy_params)
)
Policy Doc snippet:
Copy code
{
    "Effect": "Allow",
    "Action": [
        "ec2:AttachVolume",
        "ec2:DetachVolume"
    ],
    "Resource": [
        "{{ EBS_ARN }}",
        "arn:aws:ec2:*:*:instance/*"
    ]
},
I currently get malformed policy due to
<pulumi.output.Output object at 0x7fb6e7a67880>
Any help would be greatly appreciated! thanks I don't understand how I can (for example): Create a RDS instance and then create a Route53 record based on the RDS endpoint output...
f

faint-table-42725

11/06/2020, 2:18 PM
This is where you’ll want to use
apply
(https://www.pulumi.com/docs/intro/concepts/programming-model/#outputs):
Copy code
policy=ebs_volume.arn.apply(lambda arn: render_jinja2_template('templates/instance_policy.json', { 'EBS_ARN': arn } )
))
b

billions-forest-38488

11/09/2020, 9:13 AM
@faint-table-42725 - thank you! reading up on this now!