Right now I have it broken out by AWS service (IAM, ECS, StateMachines, etc) and I’ve hit a point where things are depending on each other in a circle..

Here is a section of a larger pulumi project that I’m a bit stuck on. https://github.com/Incisive/pulumi-question/tree/master/secrets_scanner If you look at

ecs.js

you’ll see that it’s including

iam.js

which is also including

ecs.js

. I had pulled the IAM roles back into the respective groups by just defining the roles within ECS and lambda etc, however the issue still remains that the roles need access to resource ARN’s, and so does the lambda / state machine code.

Hoping for some help here, in terraform the global resource graph makes this really easy, however by using the node module system and not some higher-level resource graph it’s making it hard to abstract the pieces into individual files. Would love to know if Pulumi has any ways of addressing this that maybe I’m not aware of yet 🙂

related discussion link with my shared code package.json and a tsconfig https://pulumi-community.slack.com/archives/C84L4E3N1/p1551983441247900?thread_ts=1551829612.148800&cid=C84L4E3N1

I use tsconfig

paths

mappings in the other packages to reuse the code via

import {x, y, z} from '@acme/pulumi'