No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

The canonical way to achieve what you need is to lift the `.then`:
```
const policy = new aws.iam.RolePolicy("ksub-application-role-policy", {
  role: role.name,
  policy: aws.getCallerIdentity().then(resp =&gt; JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Action: ["ssm:GetParameters"],
        Effect: "Allow",
        Resource:  `arn:aws:ssm:${region}:${resp.accountId}:parameter/KSUB_*`,
      },
      {
        Action: ["kms:Decrypt"],
        Effect: "Allow",
        Resource: kmsKey.arn,
      },
      {
        Action: [
          "autoscaling:Describe*",
          "ec2:Describe*",
          "ec2:Get*",
          "ecs:Describe*",
          "ecs:List*",
          "elasticache:Describe*",
          "elasticache:List*",
          "elasticloadbalancing:Describe*",
          "iam:Get*",
          "iam:List*",
          "ssm:DescribeParameters",
          "rds:Describe*",
          "rds:List*",
        ],
        Effect: "Allow",
        Resource: "*",
      },
    ],
  })),
});
```