https://pulumi.com logo
Powered by
b

busy-umbrella-36067

04/24/2019, 6:12 PM
The second s3 bucket arn shows up as 
[Object Object]/*
for me, is there any workaround for this?
Copy code
let rolePolicy = new aws.iam.RolePolicy(`${name}-s3-access`, {
    role: role.id,
    policy: pulumi.output({
      Version: "2012-10-17",
      Statement: [{
        Effect: "Allow",
        Action: [
          "s3:ListBucket",
          "s3:HeadBucket",
          "s3:PutObject",
          "s3:GetObject"
        ],
        Resource: [ bucket.arn, `${bucket.arn}/*` ]
      }]
    }).apply(JSON.stringify)
  }, {
    parent: role
  });
Got it working using this syntax, I guess we don’t need to convert the policies to strings anymore?
Copy code
let rolePolicy = new aws.iam.RolePolicy(`${name}-s3-access`, {
    role: role.id,
    policy: {
      Version: "2012-10-17",
      Statement: [{
        Effect: "Allow",
        Action: [
          "s3:ListBucket",
          "s3:HeadBucket",
          "s3:PutObject",
          "s3:GetObject"
        ],
        Resource: [
          bucket.arn.apply(arn => arn),
          bucket.arn.apply(arn => `${arn}/*`)
        ]
      }]
    }
  }, {
    parent: role
  });
w

white-balloon-205

04/24/2019, 7:01 PM
That's right - you no longer need to convert to a string. See https://pulumi.io/reference/pkg/nodejs/@pulumi/aws/iam/#RolePolicyArgs-policy which calls out that this now accepts either a string or a 
PolicyDocument
interface.
👍 1
2 Views
Powered by