No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

<@UFYRKB70C> policy documents are weird, the fields can’t be outputs for $REASONS

Can you paste, the code? I can show you how to fix it.

sure,


```
const rolePolicy = new aws.iam.RolePolicy(
    'probot_task_policy',
    {
        role: role,
        policy: JSON.stringify({
            Version: '2012-10-17',
            Statement: [
                {
                    Effect: 'Allow',
                    Action: [
                        'kms:ListKeys',
                        'kms:ListAliases',
                        'kms:Describe*',
                        'kms:Decrypt',
                    ],
                    Resource: [paramStoreKms.arn],
                },
                {
                    Effect: 'Allow',
                    Action: 'ssm:GetParameters',
                    Resource: [
                        `arn:aws:ssm:*:${config.require(
                            'accountId'
                        )}:parameter/secrets_probot_scanner/*`,
                    ],
                },
            ],
        }),
    },
    { parent: role }
);
```

`paramStoreKms` is defined in a different module that I’m including, but is available and exported correctly

could the json string be the result of an apply?

<@UFYRKB70C> you probably want something like `policy: paramStoreKms.arn.apply(arn =&gt; JSON.stringify({ ... })`

yeah it does, I’ll give it a go, thanks!

if I needed multiple Outputs i can use pulumi.all right?