Channels
#general
Title
b
busy-umbrella-36067
04/02/2019, 2:35 AMIs there a cleaner way of using pulumi outputs inside of IAM Policies?
Using
.apply"Calling [toJSON] on an [Output<T>] is not supported. Copy code
const taskRolePolicy = new aws.iam.Policy('ecs-XXXXXX-task', {
name: 'ecs-XXXXXX-task',
policy: kmsKey.arn.apply(id => JSON.stringify({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Decrypt"
],
"Resource": [
id
]
}
]
}))
})w
white-balloon-205
04/02/2019, 2:51 AM
That should definitely work as-is and not result in that error. Is there anything else in your repro case that might be triggering this?
s
stocky-spoon-28903
04/02/2019, 2:57 AMI think the error is from a slightly different construction where the apply is called from inside the object?
✔️ 1
b
busy-umbrella-36067
04/02/2019, 12:12 PMYeah, the error happens when I use it like this.
Copy code
const taskRolePolicy = new aws.iam.Policy('ecs-XXXXXX-task', {
name: 'ecs-XXXXXX-task',
policy: JSON.stringify({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Decrypt"
],
"Resource": [
kmsKey.id.apply(id => id)
]
}
]
})
}) Copy code
const taskRolePolicy = new aws.iam.Policy('ecs-XXXXXX-task', {
name: 'ecs-XXXXX-task',
policy: `{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:Decrypt"
],
"Resource": [
${kmsKey.id.apply(id => id)}
]
}
]
}`
})s
stocky-spoon-28903
04/02/2019, 12:14 PM@busy-umbrella-36067 they are expected: see the other way I posted here: https://pulumi-community.slack.com/archives/C84L4E3N1/p1554173011157600
👍 1