05/28/2021, 9:18 PM
Turns out I was missing one `:` in the ARN string, causing the policy to render badly. Updated the Resource below to `Resource: "arn:aws:iam::" + await accountId + ":user/${aws:username}"` and all is well.
I am trying to write an AWS Self Manage policy and I'm stuck on getting the policy to work with AWS internal variables such as
when inside the JSON policy document. I have tried the terraform way of replacing the
with an
, but that does not work either. If I replace the Resource string in the policy document with
it works as expected. I have also tried escaping the
with a `\` in the code to no avail. Code block in question:
```typescript
import * as aws from "@pulumi/aws";

export const IAMSelfManagePolicy = async () => {
  // Look up the account ID of the credentials Pulumi is running with.
  const current = aws.getCallerIdentity({ async: true });
  const accountId = current.then(current => current.accountId);

  const IAMSelfManagePolicy = new aws.iam.Policy("IAMSelfManagePolicy", {
    name: "IAMSelfManagePolicy",
    path: "/",
    description: "Allow users to Self Manage their own credentials",
    policy: JSON.stringify({
      Version: "2012-10-17",
      Statement: [
        {
          Sid: "AllowUserToChangePersonalOptions",
          Effect: "Allow",
          Action: [
            // (action list not included in the post)
          ],
          // As posted, before the fix described above: "arn:aws:iam:" is one ":" short.
          Resource: "arn:aws:iam:" + await accountId + ":user/${aws:username}"
        }
      ]
    })
  });
};
```
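The update above traces the failure to a single missing `:`. As an added example (not code from the original post), this TypeScript check parses IAM ARNs in a policy document before it is passed to `aws.iam.Policy`; it masks policy variables such as `${aws:username}` first, because their inner colon otherwise makes up for the missing separator in a plain field count. The function names, the `PolicyStatement` type and the sample account ID are assumptions made for the illustration.

```typescript
// Added example: names and sample values below are constructed, not from the post.
const POLICY_VAR = /\$\{[^}]*\}/g; // IAM policy variables such as ${aws:username}

// Returns null for a well-formed account-scoped IAM ARN, else a description of the problem.
function checkIamArn(arn: string): string | null {
  // Mask policy variables first: the ':' inside ${aws:username} would otherwise be
  // counted as a field separator and hide a missing ':' elsewhere in the ARN.
  const parts = arn.replace(POLICY_VAR, "VAR").split(":");
  if (parts.length < 6) return `expected 6 ':'-separated fields, found ${parts.length}`;
  const [prefix = "", partition = "", service = "", region = "", account = ""] = parts;
  if (prefix !== "arn") return "does not start with 'arn:'";
  if (!partition) return "empty partition";
  if (service !== "iam") return `service is '${service}', expected 'iam'`;
  if (region !== "") return `IAM ARNs leave the region field empty, found '${region}'`;
  if (!/^\d{12}$/.test(account)) return `account id '${account}' is not 12 digits`;
  if (!parts.slice(5).join(":")) return "empty resource";
  return null;
}

type PolicyStatement = { Sid?: string; Resource?: string | string[] };

// Collects one message per malformed IAM ARN found under Resource in a policy document.
function findBadResources(policy: { Statement: PolicyStatement[] }): string[] {
  const problems: string[] = [];
  for (const stmt of policy.Statement) {
    const resources = ([] as string[]).concat(stmt.Resource ?? []);
    for (const r of resources) {
      if (r === "*") continue; // wildcard resource, nothing to parse
      const err = checkIamArn(r);
      if (err) problems.push(`${stmt.Sid ?? "(no Sid)"}: ${r}: ${err}`);
    }
  }
  return problems;
}

const sampleAccountId = "123456789012"; // constructed sample account ID
const samplePolicy = {
  Version: "2012-10-17",
  Statement: [
    // Same shape as the posted string, one ':' short after "iam".
    { Sid: "MissingColon", Resource: "arn:aws:iam:" + sampleAccountId + ":user/${aws:username}" },
    // Corrected form from the update.
    { Sid: "Corrected", Resource: "arn:aws:iam::" + sampleAccountId + ":user/${aws:username}" },
  ],
};

console.log(findBadResources(samplePolicy));
```

Running such a check on the object before `JSON.stringify` surfaces the malformed ARN locally instead of at policy creation time.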