sparse-intern-71089
05/19/2021, 7:05 PMbillowy-army-68599
dependsOn
here - any reason why? does it work without that?careful-beard-19872
05/19/2021, 7:36 PMcareful-beard-19872
05/19/2021, 7:37 PMbillowy-army-68599
billowy-army-68599
diff: ~name
billowy-army-68599
careful-beard-19872
05/19/2021, 7:39 PMbillowy-army-68599
careful-beard-19872
05/19/2021, 7:40 PMbillowy-army-68599
careful-beard-19872
05/19/2021, 7:42 PMcareful-beard-19872
05/19/2021, 7:42 PMcareful-beard-19872
05/19/2021, 7:45 PMcareful-beard-19872
05/19/2021, 7:47 PMcareful-beard-19872
05/21/2021, 4:47 PMcareful-beard-19872
05/21/2021, 4:48 PMpulumi.all().apply()
Β to pull off. Of course, forcing the apply told the engine that those policy attachments need to be destroyed while the parent role is replaced, and everything worked itself out.
const taskPolicies: aws.iam.Policy[] = [
new aws.iam.Policy("iam-task-ssm-read-policy", { ... }, defaultResourceOptions),
new aws.iam.Policy("iam-task-kms-use-policy", { ... }, defaultResourceOptions),
// SQS,
// S3,
// SNS,
// SSM
]
this.roles = {
ecsExecution: new aws.iam.Role("iam-execution-role", { ... }, defaultResourceOptions),
task: new aws.iam.Role("iam-task-role", { ... }, defaultResourceOptions)
};
const taskPolicyAttachments = pulumi.all(taskPolicies).apply((policies) => {
policies.map((policy,index) =>
new aws.iam.RolePolicyAttachment(`iam-task-role-policy-attachment-${index}`, {
role: this.roles.task.name,
policyArn: policy.arn
}, {
parent: this.roles.task,
dependsOn: [ this.roles.task ]
})
)
})
careful-beard-19872
05/21/2021, 4:49 PMType Name Status Info
pulumi:pulumi:Stack aberrant-io-poc
ββ aberrant:aws:ecs poc-ecs
+- β ββ aws:ecs:TaskDefinition ecs-queue-task-definition replaced [diff: ~taskRoleArn]
~ β β ββ aws:ecs:Service ecs-queue-service updated [diff: ~taskDefinition]
+- β ββ aws:ecs:TaskDefinition ecs-dbMigration-task-definition replaced [diff: ~taskRoleArn]
~ β β ββ aws:ecs:Service ecs-db-migration-service updated [diff: ~taskDefinition]
+- β ββ aws:ecs:TaskDefinition ecs-web-task-definition replaced [diff: ~taskRoleArn]
~ β β ββ aws:ecs:Service ecs-web-service updated [diff: ~taskDefinition]
+- β ββ aws:ecs:TaskDefinition ecs-jobs-task-definition replaced [diff: ~taskRoleArn]
~ β β ββ aws:ecs:Service ecs-jobs-service updated [diff: ~taskDefinition]
+- β ββ aws:ecs:TaskDefinition ecs-es-task-definition replaced [diff: ~taskRoleArn]
~ β ββ aws:ecs:Service ecs-es-service updated [diff: ~taskDefinition]
ββ aberrant:aws:iam poc-iam
+- ββ aws:iam:Role iam-task-role replaced [diff: ~name]
+- ββ aws:iam:RolePolicyAttachment iam-task-role-policy-attachment-1 replaced [diff: ~role]
+- ββ aws:iam:RolePolicyAttachment iam-task-role-policy-attachment-0 replaced [diff: ~role]