# aws
SOLVED
Turns out I was missing one `:` in the ARN string, causing the policy to render badly. Updated the Resource below to `Resource: "arn:aws:iam::" + await accountId + ":user/${aws:username}"` and all is well.
I am trying to write an AWS Self Manage policy and I'm stuck on getting the policy to work with AWS internal variables such as `${aws:username}` when inside the JSON policy document. I have tried the Terraform way of replacing the `$` with an `&`, but that does not work either. If I replace the Resource string in the policy document with `"*"` it works as expected. I have also tried escaping the `$` and `{}` with a `\` in the code to no avail. Code block in question:
```typescript
import * as aws from "@pulumi/aws";

export const IAMSelfManagePolicy = async () => {
  // Look up the caller's account ID so the user ARN can be built at deploy time.
  const current = aws.getCallerIdentity({ async: true });
  const accountId = current.then(current => current.accountId);

  // Managed policy that lets each IAM user manage only their own credentials.
  const IAMSelfManagePolicy = new aws.iam.Policy("IAMSelfManagePolicy", {
    name: "IAMSelfManagePolicy",
    path: "/",
    description: "Allow users to Self Manage their own credentials",
    policy: JSON.stringify({
      Version: "2012-10-17",
      Statement: [
        {
          Sid: "AllowUserToChangePersonalOptions",
          Effect: "Allow",
          Action: [
            "iam:*AccessKey*",
            "iam:*SSHPublicKey*",
            "iam:*LoginProfile",
            "iam:ChangePassword"
          ],
          // ${aws:username} is an IAM policy variable, not a JS template
          // expression, so a plain double-quoted string passes it through
          // verbatim. Note the prefix below is one ':' short: IAM ARNs have an
          // empty region field, i.e. "arn:aws:iam::<account>:user/...".
          Resource: "arn:aws:iam:" + await accountId + ":user/${aws:username}"
        }
      ]
    }),
  });

  return IAMSelfManagePolicy;
};
```
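The bug in the thread is an ARN field-layout problem, not an escaping problem: `${aws:username}` only needs escaping inside backtick template literals, and a missing colon shifts every later ARN field so the account ID lands in the region slot. The following is an added example (not the poster's code and not Pulumi's API) that builds the same self-manage policy document without any Pulumi dependency and checks the user ARN's six-field layout before the document is serialised. It assumes a 12-digit account ID string and the standard `aws`, `aws-cn` and `aws-us-gov` partitions; the hypothetical account ID used in the checks is constructed for illustration.

```typescript
// Added example: build and validate an IAM self-manage policy document.
// Hypothetical helper code, not part of the original post or of @pulumi/aws.

interface IamStatement {
  Sid: string;
  Effect: "Allow" | "Deny";
  Action: string[];
  Resource: string;
}

interface PolicyDocument {
  Version: "2012-10-17";
  Statement: IamStatement[];
}

// IAM resolves policy variables such as ${aws:username} at evaluation time.
// In JavaScript/TypeScript "${...}" is only special inside backtick template
// literals, so a plain double-quoted string carries it through unchanged.
const USERNAME_VAR = "${aws:username}";

// Builds "arn:aws:iam::<account>:user/${aws:username}". The IAM service is
// global, so the region field between the two colons is empty.
export function selfManageUserArn(accountId: string): string {
  return "arn:aws:iam::" + accountId + ":user/" + USERNAME_VAR;
}

// Splits an ARN into its six fields. Only the first five colons are separators;
// the resource part is kept whole because "${aws:username}" itself contains ':'.
function splitArn(arn: string): string[] {
  const fields: string[] = [];
  let rest = arn;
  for (let i = 0; i < 5; i++) {
    const idx = rest.indexOf(":");
    if (idx < 0) {
      return fields.concat(rest); // fewer than six fields
    }
    fields.push(rest.slice(0, idx));
    rest = rest.slice(idx + 1);
  }
  fields.push(rest);
  return fields;
}

// Returns a description of what is wrong with an IAM user ARN, or null when it
// is well formed. A missing ':' (the bug in the question) pushes the account ID
// into the region field, which is why the policy fails while "*" works.
export function checkIamUserArn(arn: string): string | null {
  const parts = splitArn(arn);
  if (parts.length !== 6) {
    return "expected 6 colon-separated fields, got " + parts.length;
  }
  const [prefix, partition, service, region, account, resource] = parts;
  if (prefix !== "arn") return "ARN must start with 'arn'";
  if (!["aws", "aws-cn", "aws-us-gov"].includes(partition)) {
    return "unknown partition '" + partition + "'";
  }
  if (service !== "iam") return "service must be 'iam', got '" + service + "'";
  if (region !== "") return "IAM ARNs have an empty region field";
  if (!/^\d{12}$/.test(account)) return "account must be 12 digits, got '" + account + "'";
  if (!resource.startsWith("user/")) return "resource must start with 'user/', got '" + resource + "'";
  return null;
}

// Same statement as in the question, with the Resource ARN validated first so a
// malformed ARN is caught before it reaches AWS.
export function selfManagePolicyDocument(accountId: string): PolicyDocument {
  const resource = selfManageUserArn(accountId);
  const problem = checkIamUserArn(resource);
  if (problem !== null) {
    throw new Error("refusing to emit policy with bad Resource ARN: " + problem);
  }
  return {
    Version: "2012-10-17",
    Statement: [
      {
        Sid: "AllowUserToChangePersonalOptions",
        Effect: "Allow",
        Action: ["iam:*AccessKey*", "iam:*SSHPublicKey*", "iam:*LoginProfile", "iam:ChangePassword"],
        Resource: resource,
      },
    ],
  };
}

// Serialises the document the way the Pulumi resource expects and confirms the
// policy variable survived JSON encoding verbatim.
export function renderPolicy(accountId: string): string {
  const json = JSON.stringify(selfManagePolicyDocument(accountId));
  if (!json.includes(USERNAME_VAR)) {
    throw new Error("policy variable was mangled during serialisation");
  }
  return json;
}
```

`renderPolicy(accountId)` is what would be handed to the `policy` argument of `aws.iam.Policy`; feeding the one-colon-short prefix from the question into `checkIamUserArn` reports the empty-region violation directly, which is a quicker diagnosis than watching the deployment fail.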