No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

that is an example of what i see every time

the only real changes were to cluster and nodegroup

Are you changing the name every time? Can't see in that screenshot. The code would probably be more useful?

```eks_admin_role = aws.iam.Role(
    "itplat_eks_clusteradmin_role",
    assume_role_policy=eks_assume_role_policy,
    name="itplat_eks_clusteradmin_role",
    tags={
        "clusterAccess": "itplat_eks_admin",
    },
    opts=pulumi.ResourceOptions(provider=providers['us-east-1']),```

```# attach AmazonEC2FullAccess policy to the eks_admin_role
eksworker_policy_attachment_admin_role = aws.iam.RolePolicyAttachment(
    "eksworker_attach_ec2Policy_to_" + str(eks_admin_role.name),
    policy_arn="arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
    role=eks_admin_role.name,
    opts=pulumi.ResourceOptions(provider=providers['us-east-1']),
)```

the same code is duplicated for other roles and attachments but the structure is the same

That looks like the problem. `eks_admin_role.name` is an output, and non-deterministic.

Use the same value as you pass in to the role, rather than the name from the role, even though they have the same value.

erm . . . i would prefer not to as i want to have them generated later

are you saying eks_admin_role.name is not a string ?

You can use the same variable and pass it to both constructors

Yes, it's not a string, it's an Output&lt;string&gt;.

No, it's not available at construction time.

It comes back from the provisioning of the resource asynchronously, potentially long after construction time.

ok that is enough to get me past my current issue… i will redesign as per your suggestion