rich-leather-25702
03/03/2021, 12:22 PMconst contentBucket = new aws.s3.Bucket('s3bucket',
{
bucket: 'bucket-1',
acl: 'public-read',
});
const s3Policy = new aws.iam.Policy('s3-test-policy', {
policy: JSON.stringify({
Version: '2012-10-17',
Statement: [{
Action: [
's3:ListBucket',
's3:GetObject ',
],
Effect: 'Allow',
Resource: contentBucket.arn
}]
})
});
Which returns
aws:iam:Policy (s3-test-policy):
error: 1 error occurred:
* Error creating IAM policy shu-tower-frontend-dev-s3-policy-4518918: MalformedPolicyDocument: Partition "
1" is not valid for resource "arn:
1: o.apply(v => v.toJSON())
2: o.apply(v => JSON.stringify(v))
I’ve read the Inputs and Outputs page, but nothing I do seems to reveal the ARN of the resource (even though I can see in the Pulumi console that it was successfully created.fierce-television-51712
03/03/2021, 1:08 PMpolicy = contentBucket.arn.apply((arn) => {
return JSON.stringify({
Version: '2012-10-17',
...
Resource: arn
}
})
const s3Policy = new aws.iam.Policy('s3-test-policy', {
policy: policy
});
future-nightfall-79300
03/03/2021, 1:37 PMpulumi.all([bucket.arn, bucket.arn]).apply(..
Similar to what Brian already mentionedsquare-dress-80180
03/03/2021, 6:33 PMcontentBucket.apply((bucket) => bucket.arn ...)
instead of contentBucket.arn.apply()
. I would have guessed that the arn attr is not available at runtime yet and throws an error.little-cartoon-10569
03/03/2021, 8:05 PMcontentBucket.arn.apply()
.rich-leather-25702
03/03/2021, 8:26 PMTS2554: Expected 1 arguments, but got 0. output.d.ts(139, 14): An argument for 'func' was not provided.
contentBucket.arn.apply((arn) => arn)
to no avail, same error as before.little-cartoon-10569
03/03/2021, 8:29 PMrich-leather-25702
03/03/2021, 8:32 PMlittle-cartoon-10569
03/03/2021, 8:34 PMrich-leather-25702
03/03/2021, 8:40 PMconst arnVal = contentBucket.arn.apply((arn) => {
return arn;
});
or
const arnVal = contentBucket.arn.apply((arn) => {
return arn;
});
both return the same error:
Calling [toString] on an [Output<T>] is not supported.
To get the value of an Output<T> as an Output<string> consider either:
1: o.apply(v => `prefix${v}suffix`)
2: pulumi.interpolate `prefix${v}suffix`
little-cartoon-10569
03/03/2021, 8:40 PMresource
property gets an array, with an Output value. It's not a string that's been created by JSON.stringify containing an output; it's just an output. Pulumi handles this case, but not the JSON.stringify case.rich-leather-25702
03/03/2021, 8:46 PMindex.ts(273,3): error TS2322: Type '{ Version: string; Statement: { Action: string[]; Effect: string; Resource: pulumi.Output<string>[]; }[]; }' is not assignable to type 'Input<string | PolicyDocument>'.
Type '{ Version: string; Statement: { Action: string[]; Effect: string; Resource: pulumi.Output<string>[]; }[]; }' is not assignable to type 'PolicyDocument'.
Types of property 'Version' are incompatible.
Type 'string' is not assignable to type 'Input<"2012-10-17" | "2008-10-17">'.
little-cartoon-10569
03/03/2021, 8:47 PMaws.iam.PolicyDocument
. TS looked after everything else. It even highlighted my syntax errors in VSCode as I typed...const policyDoc
to const policyDoc: aws.iam.PolicyDocuemnt
rich-leather-25702
03/03/2021, 8:50 PMaws.iam.PolicyDocument
yields the result, can’t believe the gotcha was the JSON.stringify bit!little-cartoon-10569
03/03/2021, 8:51 PMsquare-dress-80180
03/03/2021, 9:00 PMrich-leather-25702
03/04/2021, 11:59 AMconst cfPolicyDoc: aws.iam.PolicyDocument = {
Version: '2012-10-17',
Statement: [{
Action: [
'cloudfront:CreateInvalidation'
],
Effect: 'Allow',
Resource: [cdn.arn]
}]
};
const cfPolicy = new aws.iam.Policy('cf-policy', {
policy: cfPolicyDoc
});
fierce-television-51712
03/04/2021, 12:02 PM