This message was deleted.
# generals
sparse-intern-71089
01/22/2019, 6:58 PMThis message was deleted.
w
white-balloon-205
01/22/2019, 7:00 PM
I think you just need a return in front of
awsCaller.then(...)white-balloon-205
01/22/2019, 7:00 PM
Copy code
function createK8sDelegationRole(): Promise<aws.iam.Role> {
const awsCaller = aws.getCallerIdentity();
return awsCaller.then(root => {
const assumeRootRolePolicy = <aws.iam.PolicyDocument>{
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Principal: {
AWS: `arn:aws:iam::${root.accountId}:root`
},
Action: "sts:AssumeRole"
}
]
};
// Create an IAM role for K8s namespace access
const k8sDevPolicies = {
eksViewer: aws.iam.ReadOnlyAccess
};
const k8sNamespaceAdminRole = newRoleWithPolicies(
"k8sDevNSAdminRole",
{
description: "k8s namespace admin role for groups",
assumeRolePolicy: assumeRootRolePolicy
},
k8sDevPolicies
);
const k8sdevpolicy = k8sNamespaceAdminRole.arn.apply(
arn =>
new aws.iam.Policy(
"k8s-dev-namespace-policy",
{
description: "Policy that allow you to do K8s stuff",
policy: JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Resource: arn,
Action: ["sts:AssumeRole"]
}
]
})
},
{ parent: k8sNamespaceAdminRole }
)
);
new aws.iam.GroupPolicyAttachment("k8s-ns-to-dev-group-attachment", {
group: k8sNamespaceAdminGroup,
policyArn: k8sdevpolicy.apply(t => t.arn)
});
return k8sNamespaceAdminRole;
}
);
}white-balloon-205
01/22/2019, 7:00 PM
(as noted in the type annotation - that will result in the outer function returning a
Promise<aws.iam.Role>o
orange-tailor-85423
01/22/2019, 7:06 PMI really need a bootcamp
orange-tailor-85423
01/22/2019, 7:06 PMthanks Luke - I'll give it a go
orange-tailor-85423
01/23/2019, 12:32 AMworked a treat - learned something today. Thanks @white-balloon-205
👍 1