careful-beard-19872
05/19/2021, 7:05 PMbillowy-army-68599
05/19/2021, 7:33 PMdependsOn
here - any reason why? does it work without that?careful-beard-19872
05/19/2021, 7:36 PMbillowy-army-68599
05/19/2021, 7:38 PMdiff: ~name
careful-beard-19872
05/19/2021, 7:39 PMbillowy-army-68599
05/19/2021, 7:40 PMcareful-beard-19872
05/19/2021, 7:40 PMbillowy-army-68599
05/19/2021, 7:41 PMcareful-beard-19872
05/19/2021, 7:42 PMpulumi.all().apply()
Β to pull off. Of course, forcing the apply told the engine that those policy attachments need to be destroyed while the parent role is replaced, and everything worked itself out.
const taskPolicies: aws.iam.Policy[] = [
new aws.iam.Policy("iam-task-ssm-read-policy", { ... }, defaultResourceOptions),
new aws.iam.Policy("iam-task-kms-use-policy", { ... }, defaultResourceOptions),
// SQS,
// S3,
// SNS,
// SSM
]
this.roles = {
ecsExecution: new aws.iam.Role("iam-execution-role", { ... }, defaultResourceOptions),
task: new aws.iam.Role("iam-task-role", { ... }, defaultResourceOptions)
};
const taskPolicyAttachments = pulumi.all(taskPolicies).apply((policies) => {
policies.map((policy,index) =>
new aws.iam.RolePolicyAttachment(`iam-task-role-policy-attachment-${index}`, {
role: this.roles.task.name,
policyArn: policy.arn
}, {
parent: this.roles.task,
dependsOn: [ this.roles.task ]
})
)
})
Type Name Status Info
pulumi:pulumi:Stack aberrant-io-poc
ββ aberrant:aws:ecs poc-ecs
+- β ββ aws:ecs:TaskDefinition ecs-queue-task-definition replaced [diff: ~taskRoleArn]
~ β β ββ aws:ecs:Service ecs-queue-service updated [diff: ~taskDefinition]
+- β ββ aws:ecs:TaskDefinition ecs-dbMigration-task-definition replaced [diff: ~taskRoleArn]
~ β β ββ aws:ecs:Service ecs-db-migration-service updated [diff: ~taskDefinition]
+- β ββ aws:ecs:TaskDefinition ecs-web-task-definition replaced [diff: ~taskRoleArn]
~ β β ββ aws:ecs:Service ecs-web-service updated [diff: ~taskDefinition]
+- β ββ aws:ecs:TaskDefinition ecs-jobs-task-definition replaced [diff: ~taskRoleArn]
~ β β ββ aws:ecs:Service ecs-jobs-service updated [diff: ~taskDefinition]
+- β ββ aws:ecs:TaskDefinition ecs-es-task-definition replaced [diff: ~taskRoleArn]
~ β ββ aws:ecs:Service ecs-es-service updated [diff: ~taskDefinition]
ββ aberrant:aws:iam poc-iam
+- ββ aws:iam:Role iam-task-role replaced [diff: ~name]
+- ββ aws:iam:RolePolicyAttachment iam-task-role-policy-attachment-1 replaced [diff: ~role]
+- ββ aws:iam:RolePolicyAttachment iam-task-role-policy-attachment-0 replaced [diff: ~role]