busy-umbrella-36067
04/02/2019, 2:35 AM.apply
on just the kms key id results in "Calling [toJSON] on an [Output<T>] is not supported.
const taskRolePolicy = new aws.iam.Policy('ecs-XXXXXX-task', {
name: 'ecs-XXXXXX-task',
policy: kmsKey.arn.apply(id => JSON.stringify({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Decrypt"
],
"Resource": [
id
]
}
]
}))
})
white-balloon-205
stocky-spoon-28903
04/02/2019, 2:57 AMbusy-umbrella-36067
04/02/2019, 12:12 PMconst taskRolePolicy = new aws.iam.Policy('ecs-XXXXXX-task', {
name: 'ecs-XXXXXX-task',
policy: JSON.stringify({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Decrypt"
],
"Resource": [
kmsKey.id.apply(id => id)
]
}
]
})
})
or this
const taskRolePolicy = new aws.iam.Policy('ecs-XXXXXX-task', {
name: 'ecs-XXXXX-task',
policy: `{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Decrypt"
],
"Resource": [
${kmsKey.id.apply(id => id)}
]
}
]
}`
})
stocky-spoon-28903
04/02/2019, 12:14 PM