Channels
#general
Title
b
brave-angle-33257
11/16/2018, 4:56 PMwhats the easiest way to get the AWS account ID of the current execution for things like IAM policies?
w
white-balloon-205
11/16/2018, 5:02 PM
Copy code
async function getAccountID() {
let identity = await aws.getCallerIdentity();
return identity.accountId;
}
export let accountId = getAccountID();Note that this returns a
Promise.thenawaitb
brave-angle-33257
11/16/2018, 5:03 PMthanks @white-balloon-205!
i got it to work, but I had to wrap basically the entire pulumi infra into a then() function. I tried to just do the policy, then have the role depend on the policy, but that didn't seem to work
in theory if i just have the policy in the then() and then the roles build off that, shouldn't it work?
Copy code
var name = `mylambda.${env_id}`;
async function getAccountId() {
let identity = await aws.getCallerIdentity();
return identity.accountId;
}
getAccountId().then(account_id=>{
/// everything in here using account_id
role = new role
policy = new policymore like this:```var name = `mylambda.${env_id}`;
async function getAccountId() {
let identity = await aws.getCallerIdentity();
return identity.accountId;
}
getAccountId().then(account_id=>{
policy = new policy(using account_id)
})
role = new role(name,{dependsOn:policy})```
w
white-balloon-205
11/16/2018, 7:17 PM
You should be able to do this more simply with something like this:
Copy code
async function createPolicy() {
let identity = await aws.getCallerIdentity();
return JSON.stringify({
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Principal": { "AWS": `arn:aws:iam::${identity.accountId}:root` },
"Action": "sts:AssumeRole"
}
});
}
let policy = new aws.iam.RolePolicy("policy", {
policy: createPolicy(),
})b
brave-angle-33257
11/16/2018, 7:54 PMok thanks for the great info 📖 i'll try to refactor a bit. definitely want to be doing things as you guys have intended it to work 👍