12/10/2021, 5:51 PM
is there an example in the wild of using a resource's .arn output inside of an iam policy? I want to authorize the specific resource by arn rather than Resources: [ "*" ], but everything I try has failed in one way or another (eg getPolicyDocument expects a string rather than an Output<string>)
trying to do something like this:
const policyElastiCache = new aws.iam.Policy("FooServiceElastiCache", {
    path: "/",
    description: "Foo Service ElastiCache",
    policy: aws.iam.getPolicyDocument({
      version: "2012-10-17",
      statements: [
          actions: [ "elaticache:Describe*", "elasticache:List*"],
          effect: "Allow",
          resources: [redis.arn]
actually i think i may have just gotten it working with getPolicyDocumentOutput instead of getPolicyDocument 🤔
🙌 1