No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I'm trying to map arns into an IAM policy but `update` keeps rejecting it. At the top of my code, I declare a bucket called `bucket` and an EC2 called `ec2`. But I'm trying to scope down User access to the bucket and the instance.
```
policy: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: [
          "iam:GenerateCredentialReport",
          "iam:GenerateServiceLastAccessedDetails",
          "iam:Get*",
          "iam:List*",
          "iam:CreateAccessKey",
          "iam:ChangePassword",
          "iam:SimulateCustomPolicy",
          "iam:SimulatePrincipalPolicy"
        ],
        Resource: "*"
      },
      {
        Action: ["s3:*"],
        Effect: "Allow",
        Resource: [bucket.arn]
      },
      {
        Effect: "Allow",
        Action: ["ec2:Describe*"],
        Resource: "*"
      },
      {
        Action: [
          "ec2:StartInstances",
          "ec2:StopInstances",
          "ec2:RebootInstances"
        ],
        Resource: [ec2.arn],
        Effect: "Allow"
      }
    ]
  })
```