SOLVED

Turns out I was missing one : in the arn string causing the policy to render bad.  Updated the Resource below to Resource: "arn:aws:iam::" + await accountId + ":user/${aws:username}" and all is well.

I am trying to write a AWS Self Manage policy and I'm stuck on getting the policy to work with aws internal variables such as

${aws:username}

when inside the JSON policy document. I have tried the terraform way of replacing the

$

with an

&

, but that does not work either. If I replace the Resource string in the policy document with

"*"

it works as expected. I have also tried escaping the

$

and

{}

with a`\` in the code to no avail. Code block in question:

export const IAMSelfManagePolicy = async () => {
const current = aws.getCallerIdentity({ async: true });
const accountId = current.then(current => current.accountId);

const IAMSelfManagePolicy = new aws.iam.Policy("IAMSelfManagePolicy", {
    name: "IAMSelfManagePolicy",
    path: "/",
    description: "Allow users to Self Manage their own credentials",
    policy: JSON.stringify({
      Version: "2012-10-17",
      Statement: [
        {
          Sid: "AllowUserToChangePersonalOptions",
            Effect: "Allow",
            Action: [
              "iam:*AccessKey*",
              "iam:*SSHPublicKey*",
              "iam:*LoginProfile",
              "iam:ChangePassword"
            ],
            Resource: "arn:aws:iam:" + await accountId + ":user/${aws:username}"
        }
      ]
    }),
  });
}