No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

wow! Thierry, this is incredible! Would you be interested in writing a blog post for the Pulumi blog about this?

euh … you take me by surprise :sweat_smile:

Can it produce an aws.iam.PolicyDocument? That form supports Outputs quite well, which JSON doesn't, unfortunately :disappointed:

Increasing the testability of policies is great, they can be quite a hassle normally...

No it does not produce `aws.iam.PolicyDocument` But it is an interesting take.

Indeed testing policies is a hassle. That’s the reason I implemented that module. It allows me to unit test a single policy statement.

Good stuff. aws.iam.PolicyDocument is good for simplifying the creating of policies but it doesn't really change how testable they are.

Well, I first implemented that `aws-iam-policy` package.
Then found out about `aws.iam.getPolicyDocument` . Rewrote everything using `getPolicyDocument`.
To then find out you have to mock that function to be able to unit test. That was disappointing.
I think it was you <@U012UJTT55M> who told me: but you can just assign plain JSON for your policy documents you don’t need `getPolicyDocument` .
That’s when I decided to let go on `getPolicyDocument` and go back to my `aws-iam-policy` package.

I got around the Outputs using `apply` while building up the Policy document.