billions-lock-73409
02/25/2019, 6:42 PMOutput
isn’t ever resolved and the object (not the arn) ends up getting shoved in the json thus causing the error:
Plan apply failed: Error putting IAM role policy ******: MalformedPolicyDocument: Syntax errors in policy.
status code: 400, request id: 5d766e02-392b-11e9-b9bc-f57a45e4467f
creamy-potato-29402
02/25/2019, 6:46 PMbillions-lock-73409
02/25/2019, 7:23 PMconst rolePolicy = new aws.iam.RolePolicy(
'probot_task_policy',
{
role: role,
policy: JSON.stringify({
Version: '2012-10-17',
Statement: [
{
Effect: 'Allow',
Action: [
'kms:ListKeys',
'kms:ListAliases',
'kms:Describe*',
'kms:Decrypt',
],
Resource: [paramStoreKms.arn],
},
{
Effect: 'Allow',
Action: 'ssm:GetParameters',
Resource: [
`arn:aws:ssm:*:${config.require(
'accountId'
)}:parameter/secrets_probot_scanner/*`,
],
},
],
}),
},
{ parent: role }
);
paramStoreKms
is defined in a different module that I’m including, but is available and exported correctlycreamy-potato-29402
02/25/2019, 8:00 PMpolicy: paramStoreKms.arn.apply(arn => JSON.stringify({ ... })
billions-lock-73409
02/25/2019, 8:01 PMcreamy-potato-29402
02/25/2019, 8:07 PMbillions-lock-73409
02/25/2019, 8:25 PM