brave-angle-33257
06/03/2019, 5:06 PM// create KMS key
var kms_key_name = `${prefix}-kms-key-ecs`;
var kms_key = new aws.kms.Key(kms_key_name);
// create key alias
var kms_key_alias_name = `${prefix}-kms-alias-ecs`;
var kms_key_alias = new aws.kms.Alias(kms_key_alias_name, {
name: `alias/${kms_key_alias_name}`,
targetKeyId: kms_key.arn
},
{
dependsOn: kms_key,
deleteBeforeReplace: true
});
// taken from pulumi example to get output into string then interpolate
const final_key_arn: pulumi.Output<string> = kms_key.arn;
let policy = new aws.iam.Policy(ecs_role_name, {
name: ecs_role_name,
policy: JSON.stringify({
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt"
],
"Resource": `${final_key_arn}`
}]
})
});
Calling [toString] on an [Output<T>] is not supported.\\n\\nTo get the value of an Output<T> as an Output<string> consider either:\\n1: o.apply(v => `prefix${v}suffix`)\\n2: pulumi.interpolate `prefix${v}suffix`\\n\\nSee <https://pulumi.io/help/outputs> for more details.\\nThis function may throw in a future version of @pulumi/pulumi.\
stocky-spoon-28903
06/03/2019, 5:08 PMoutput({
// your policy as a json object including references
}).apply(JSON.stringify)
brave-angle-33257
06/03/2019, 5:11 PMconst key_arn = kms_key.arn.apply(JSON.stringify)
stocky-spoon-28903
06/03/2019, 5:14 PMbrave-angle-33257
06/03/2019, 5:14 PMbrave-salesmen-42327
06/03/2019, 5:25 PMconst testToken = new aws.dynamodb.TableItem("test-token", {
hashKey: jwtTokenTable.hashKey
,item: apiKeysOutput.apply( (keys) =>
JSON.stringify({
applicationID: {"S": keys.TEST.value }
,token: {"S": "this-is-a-test-token"}
,expires: {"S": "NEVER"}
})
)
,tableName: jwtTokenTable.name,
})
We build the dynamo tableitem by applying the the output we want then JSON stringifying it.stocky-spoon-28903
06/03/2019, 5:28 PM// create KMS key
var kms_key_name = `${prefix}-kms-key-ecs`;
var kms_key = new aws.kms.Key(kms_key_name);
// create key alias
var kms_key_alias_name = `${prefix}-kms-alias-ecs`;
var kms_key_alias = new aws.kms.Alias(kms_key_alias_name, {
name: `alias/${kms_key_alias_name}`,
targetKeyId: kms_key.arn
},
{
deleteBeforeReplace: true
});
let policy = new aws.iam.Policy("xx", {
name: "whatever",
policy: pulumi.output({
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"kms:Encrypt",
"kms:Decrypt"
],
"Resource": kms_key_alias.arn,
}]
}).apply(JSON.stringify),
});
dependsOn
for the alias since it picks up the dependency via kms_key.arn
brave-angle-33257
06/03/2019, 5:29 PMstocky-spoon-28903
06/03/2019, 5:30 PMbrave-angle-33257
06/03/2019, 5:35 PMsubnetMappings: public_subnet_ids.apply(x => x.map(y => ({ subnetId: y }))),
stocky-spoon-28903
06/03/2019, 5:36 PMbrave-angle-33257
06/03/2019, 5:36 PMstocky-spoon-28903
06/03/2019, 5:37 PM