This message was deleted.
# general
s
This message was deleted.
c
@billions-lock-73409 policy documents are weird, the fields can’t be outputs for $REASONS
Can you paste, the code? I can show you how to fix it.
b
sure,
Copy code
const rolePolicy = new aws.iam.RolePolicy(
    'probot_task_policy',
    {
        role: role,
        policy: JSON.stringify({
            Version: '2012-10-17',
            Statement: [
                {
                    Effect: 'Allow',
                    Action: [
                        'kms:ListKeys',
                        'kms:ListAliases',
                        'kms:Describe*',
                        'kms:Decrypt',
                    ],
                    Resource: [paramStoreKms.arn],
                },
                {
                    Effect: 'Allow',
                    Action: 'ssm:GetParameters',
                    Resource: [
                        `arn:aws:ssm:*:${config.require(
                            'accountId'
                        )}:parameter/secrets_probot_scanner/*`,
                    ],
                },
            ],
        }),
    },
    { parent: role }
);
paramStoreKms
is defined in a different module that I’m including, but is available and exported correctly
could the json string be the result of an apply?
c
@billions-lock-73409 you probably want something like
policy: paramStoreKms.arn.apply(arn => JSON.stringify({ ... })
if that makes sense.
b
yeah it does, I’ll give it a go, thanks!
worked perfectly, thanks a bunch 👍
if I needed multiple Outputs i can use pulumi.all right?
to wrap them in a promise like that
c
yeah
b
awesome 👍