brief-printer-34348
02/18/2021, 8:22 PMAmazonS3FullAccess
it appears there’s a few scenarios where the PolicyWon’t be correctly attached to a role. As an example if I rename the resource name of the policy attachment it appears that it “creates” and then “deletes” the policy attachment leaving the attachment empty. There’s a few other ways that this seems to occur. What’s the best strategy to ensure the expected policy is always attached to a role?little-cartoon-10569
02/18/2021, 8:27 PMbrief-printer-34348
02/18/2021, 8:49 PM-s3write
to -s3full
to try and force the reattach:
aws.iam.PolicyAttachment(f"{cluster_name}-sa-attach-s3full",
roles=[role_sa.iam_role_name],
policy_arn="arn:aws:iam::aws:policy/AmazonS3FullAccess",
opts=pulumi.ResourceOptions(depends_on=[role_sa]))
little-cartoon-10569
02/18/2021, 8:54 PMbrief-printer-34348
02/19/2021, 3:11 AM