Is it possible that we can only have a single `aws...
# aws
Is it possible that we can only have a single
? I want to be able to attach a user to a group, independently from the users already part of that group. Therefore, in my User component, I am creating a
specifically for that user-group relationship:
Copy code
new aws.iam.GroupMembership(
          users: [username],
          group: group,
However, it appears that this group membership gets overwritten by each user, even if all GroupMembership resources have unique names. The first time I run my stack, the group is correctly created in IAM with all users, however the state doesn’t seem to be updated correctly, because the next time I run the stack (while there is supposed to be no change), it removes all users from group in IAM but one. I assuming it’s a bug, because the second run of the stack should be idempotent.
Yes. You need to user UserGroupMembership to achieve this. This is because of the AWS SDK, not Pulumi.
aws_iam_group_membership will conflict with itself if used more than once with the same group. To non-exclusively manage the users in a group, see the aws_iam_user_group_membership
Thank you so much @little-cartoon-10569, that explains everything! 😁 🙏
👍 1
…and it’s much simpler for my use-case, because I can attach all groups to my user using a single resource, instead of many! 🎉
Unfortunately, I don’t see an equivalent of that for attaching multiple policies to a group using a single resource, correct? 😕
Normally, a single policy with multiple statements is used for that sort of thing...
But no, there is no one-to-many group:policy mapping.
Loops to the rescue!