No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

How can I declare a KMS Key with a policy that references the ID of the declared key? e.g.

```  // KMS
  // <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html>
  const cloudTrailKmsKey: aws.kms.Key = new aws.kms.Key(`${appName}-kms-trail-key`, {
    deletionWindowInDays: 7,
    description: "CloudTrail Trail key",
    policy: accountId.apply(awsAccountId =&gt; {
      return JSON.stringify({
        Version: "2012-10-17",
        Statement: [
          {
            Sid: "AllowRootForKms",
            Effect: "Allow",
            Principal: { AWS: `arn:aws:iam::${awsAccountId}:root` },
            Action: "kms:*",
            Resource: "*",
          },
          {
            Sid: "AllowCloudTrailDecryptLogs",
            Effect: "Allow",
            Principal: { Service: "<http://cloudtrail.amazonaws.com|cloudtrail.amazonaws.com>" },
            Action: "kms:Decrypt",
            Resource: "${cloudTrailKmsKey.arn} GOES HERE",
            Condition: {
              Null: { "kms:EncryptionContext:aws:cloudtrail:arn": "false" },
            },
          },
        ],
      });
    }),
  });```