:wave: hey folks - if there's a new AWS resource (...
# awsc
chilly-magazine-6129
02/27/2021, 11:07 PMđź‘‹ hey folks - if there's a new AWS resource (like AWS Timestream) that isn't supported by Pulumi (yet) - what would be the right way to give a stack permissions to access it? I get a permissions error when trying to access it using the S3 client
w
white-balloon-205
02/28/2021, 4:57 AM
When you say “give a stack permission to access it”, what exactly do you have in mind? If you need to construct IAM permissions, you should just be able to use the documented principals and resource arn formats that Timestream provides in their docs from your Pulumi IAM or related resources.
c
chilly-magazine-6129
03/01/2021, 5:24 PMchilly-magazine-6129
03/01/2021, 5:25 PMThis is the kind of error we're seeing, and yes I assume it's giving the role more permissions - is there an example to follow on what that would look like? Also, everyone in our team loves Pulumi, from IT to the software engineers. I always feel I need to mention it because you guys are doing a fantastic job
chilly-magazine-6129
03/01/2021, 6:16 PMFigured it out - It was as easy as creating another attached policy and associate it with the same role. I think the less intuitive part (which arguably is because this was the first time we needed to do it) is not having an Array to pass these into vs. defining the objects and from there associating them with the role they'll be attached to. đź‘Ť All good on our end though