Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
c
curved-pharmacist-41509
05/31/2021, 3:15 AMOr should I do something like this
const role = new Role('role')
const policy = new Policy('policy', {})
const rpa = new RolePolicyAttachment('rpa', { role, policy })
const myLambda = new Lambda('lambda', { executionRole: role }, { dependsOn: [rpa] })l
little-cartoon-10569
05/31/2021, 3:18 AMYou'll need to do this.
c
curved-pharmacist-41509
05/31/2021, 3:19 AMGreat, thanks for confirming
👍 1
This would be awesome to have an implicit dependency here. It prevents a component resource creating the execution role, then attaching additional resource policies to that execution policy outside of the component resource
l
little-cartoon-10569
05/31/2021, 3:23 AMYes, though the explicit dependency is good for self-documentation purposes. And would there be cases where Pulumi would guess incorrectly? For example, if there were multiple RolePolicyAttachments and only one was relevant to the lambda?
c
curved-pharmacist-41509
05/31/2021, 3:54 AMPossible.
Thoughts on this pattern?
const executionRole = new LambdaExecutionRole()
new Lambda('', { role: executionRole.role }, { dependsOn: [executionRole] }))
executionRole.attachPolicy(...)