https://pulumi.com logo
#general
Title
# general
c

cool-helicopter-70130

10/02/2018, 7:45 AM
Hi all 👋 I’m trying to create a custom authorizer for an AWS API Gateway. I’ve been following an example in the Terraform documentation - https://www.terraform.io/docs/providers/aws/r/api_gateway_authorizer.html - but I’m coming unstuck when trying to define a role policy that references a lambda. Thread:
AWS responds with
MalformedPolicyDocument: Syntax errors in policy.
, and indeed the policy looks completely wrong
{"Version":"2012-10-17","Statement":[{"Action":"lambda:InvokeFunction","Effect":"Allow","Resource":{"__pulumiOutput":true,"isKnown":{}}}]}
.
I’m creating the policy like so:
Copy code
const invocationPolicy = new aws.iam.RolePolicy(`${apiName}-authorizer-invoke-lambda-role-policy`, {
      role: invocationRole,
      policy: JSON.stringify({
        "Version": "2012-10-17",
        "Statement": [
          {
            "Action": "lambda:InvokeFunction",
            "Effect": "Allow",
            "Resource": authorizerLambda.arn    // <==== HERE
          }
        ]
      }),
    }, { dependsOn: authorizerLambda });    // <=== I tried adding this to see if it would help
I found the answer further up - I needed to use
.apply()
like so:
Copy code
policy: authorizerLambda.arn.apply(arn => JSON.stringify({
        "Version": "2012-10-17",
        "Statement": [
          {
            "Action": "lambda:InvokeFunction",
            "Effect": "Allow",
            "Resource": arn
          }
        ]
      })),
w

white-balloon-205

10/02/2018, 3:27 PM
Yep -
apply
is the key to taking an output from one resource and using it to construct an input for another (in this case the policy document). Glad you found the answer - we know we need more docs on this!