whats the easiest way to get the AWS account ID of the curre Pulumi Community #general

Join Slack

whats the easiest way to get the AWS account ID of...

# general

brave-angle-33257

11/16/2018, 4:56 PM

whats the easiest way to get the AWS account ID of the current execution for things like IAM policies?

white-balloon-205

11/16/2018, 5:02 PM

Copy code

async function getAccountID() {
    let identity = await aws.getCallerIdentity();
    return identity.accountId;
}

export let accountId = getAccountID();

white-balloon-205

11/16/2018, 5:03 PM

Note that this returns a

Promise

, so you'll need to write your code to construct IAM policies to handle that (with

.then

await

brave-angle-33257

11/16/2018, 5:03 PM

thanks @white-balloon-205!

brave-angle-33257

11/16/2018, 6:07 PM

i got it to work, but I had to wrap basically the entire pulumi infra into a then() function. I tried to just do the policy, then have the role depend on the policy, but that didn't seem to work

brave-angle-33257

11/16/2018, 6:07 PM

in theory if i just have the policy in the then() and then the roles build off that, shouldn't it work?

brave-angle-33257

11/16/2018, 6:08 PM

Copy code

var name = `mylambda.${env_id}`;

async function getAccountId() {
    let identity = await aws.getCallerIdentity();
    return identity.accountId;
}

getAccountId().then(account_id=>{

    /// everything in here using account_id

    role = new role
    policy = new policy

brave-angle-33257

11/16/2018, 6:09 PM

more like this:```var name = `mylambda.${env_id}`; async function getAccountId() { let identity = await aws.getCallerIdentity(); return identity.accountId; } getAccountId().then(account_id=>{ policy = new policy(using account_id) }) role = new role(name,{dependsOn:policy})```

white-balloon-205

11/16/2018, 7:17 PM

You should be able to do this more simply with something like this:

Copy code

async function createPolicy() {
    let identity = await aws.getCallerIdentity();
    return JSON.stringify({
        "Version": "2012-10-17",
        "Statement": {
            "Effect": "Allow",
            "Principal": { "AWS": `arn:aws:iam::${identity.accountId}:root` },
            "Action": "sts:AssumeRole"
        }
    });
}

let policy = new aws.iam.RolePolicy("policy", {
    policy: createPolicy(),
})

The key is that you want to use the Promise as data, not as control flow. This is unfortunately somewhat different from the way Promises are commonly used in JavaScript. But in Pulumi programs, thinking of Promises as data that can be passed as inputs to resources often allows code to be much simpler (and less globally impactful).

brave-angle-33257

11/16/2018, 7:54 PM

ok thanks for the great info 📖 i'll try to refactor a bit. definitely want to be doing things as you guys have intended it to work 👍

4 Views

Open in Slack

Previous Next