# general

brave-angle-33257

11/16/2018, 4:56 PM
What's the easiest way to get the AWS account ID of the current execution for things like IAM policies?

white-balloon-205

11/16/2018, 5:02 PM
```
import * as aws from "@pulumi/aws";

// Look up the identity of the credentials running this program
// and return its AWS account ID.
async function getAccountID() {
    let identity = await aws.getCallerIdentity();
    return identity.accountId;
}

export let accountId = getAccountID();
```
Note that this returns a `Promise`, so you'll need to write your code to construct IAM policies to handle that (with `.then` or `await`).

brave-angle-33257

11/16/2018, 5:03 PM
thanks @white-balloon-205!
I got it to work, but I had to wrap basically the entire pulumi infra into a then() function. I tried to just do the policy, then have the role depend on the policy, but that didn't seem to work.
In theory, if I just have the policy in the then() and then the roles build off that, shouldn't it work?
```
var name = `mylambda.${env_id}`;

async function getAccountId() {
    let identity = await aws.getCallerIdentity();
    return identity.accountId;
}

getAccountId().then(account_id => {

    /// everything in here using account_id

    role = new role
    policy = new policy
});
```
more like this:
```
var name = `mylambda.${env_id}`;

async function getAccountId() {
    let identity = await aws.getCallerIdentity();
    return identity.accountId;
}

getAccountId().then(account_id => {
    policy = new policy(using account_id)
})

role = new role(name, {dependsOn: policy})
```

white-balloon-205

11/16/2018, 7:17 PM
You should be able to do this more simply with something like this:
```
async function createPolicy() {
    let identity = await aws.getCallerIdentity();
    return JSON.stringify({
        "Version": "2012-10-17",
        "Statement": {
            "Effect": "Allow",
            "Principal": { "AWS": `arn:aws:iam::${identity.accountId}:root` },
            "Action": "sts:AssumeRole"
        }
    });
}

// Pass the Promise<string> itself as the input; no .then() wrapper is needed.
let policy = new aws.iam.RolePolicy("policy", {
    policy: createPolicy(),
});
```
The key is that you want to use the Promise as data, not as control flow. This is unfortunately somewhat different from the way Promises are commonly used in JavaScript. But in Pulumi programs, thinking of Promises as data that can be passed as inputs to resources often allows code to be much simpler (and less globally impactful).

brave-angle-33257

11/16/2018, 7:54 PM
ok thanks for the great info 📖 i'll try to refactor a bit. definitely want to be doing things as you guys have intended it to work 👍