No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

FYI, I’ve implemented a typescript package for creating and validating AWS IAM Policy documents. It also parses JSON policy documents and serialises to JSON policy documents. At this stage, it is just the bare minimum that I needed.
<https://github.com/thinkinglabs/aws-iam-policy>

wow! Thierry, this is incredible! Would you be interested in writing a blog post for the Pulumi blog about this?

euh … you take me by surprise :sweat_smile:

Can it produce an aws.iam.PolicyDocument? That form supports Outputs quite well, which JSON doesn't, unfortunately :disappointed:

Increasing the testability of policies is great, they can be quite a hassle normally...

No it does not produce `aws.iam.PolicyDocument` But it is an interesting take.

Indeed testing policies is a hassle. That’s the reason I implemented that module. It allows me to unit test a single policy statement.

Good stuff. aws.iam.PolicyDocument is good for simplifying the creating of policies but it doesn't really change how testable they are.

Well, I first implemented that `aws-iam-policy` package.
Then found out about `aws.iam.getPolicyDocument` . Rewrote everything using `getPolicyDocument`.
To then find out you have to mock that function to be able to unit test. That was disappointing.
I think it was you <@U012UJTT55M> who told me: but you can just assign plain JSON for your policy documents you don’t need `getPolicyDocument` .
That’s when I decided to let go on `getPolicyDocument` and go back to my `aws-iam-policy` package.

I got around the Outputs using `apply` while building up the Policy document.