Is it possible to attach multiple IAM policies to ...
# general
f
Is it possible to attach multiple IAM policies to an IAM role at once?
s
Depends what you mean by “at once” - using multiple role policy attachments, yes
So “in the same program”
f
I mean in one statement, as opposed to having a bunch of new aws.iam.RolePolicyAttachment.
s
Ah, not really - there is no AWS primitive for that, so nothing exists in the Terraform provider to do that
With Pulumi you could use a loop or a .map or similar though instead of writing them out in full
f
If it doesn't already exist, seems like a useful function to include in a lib 🙂
s
Do you have a reference in your program to a bunch of policies?
f
Yes. I have a Output<string[]> of policy arns.
s
youroutput.apply(x => x.map(y => new RolePolicyAttachment(...)))
f
It's acceptable to create resources in apply?
m
It’s not a best practice—the resources may not appear in previews and will not properly depend upon the inputs to the apply—but it will work.
f
Is there a best practice way to accomplish this?
m
Where is the output<string>[] coming from?
Is it from other resources?
s
If it’s an output<string>[] rather than an output<string[]> then this becomes much neater - you can just map over the array directly and pass the output<string> into the attachment
f
It is from other resources. I could make it a output<string>[] I think.
Right now it's defined as this:
export let servicesPolicyArns = servicesIamPolicy.arn.apply(arn => {
    return [
        arn,
        "arn:aws:iam::aws:policy/AWSLambdaFullAccess",
        "arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess",
    ];
});
But it could be defined like this:
let servicesPolicyArns = [
    "arn:aws:iam::aws:policy/AWSLambdaFullAccess",
    "arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess",
    servicesIamPolicy.arn
];