glamorous-manchester-77008

06/04/2019, 12:17 PM
I have successfully deployed a lambda via Pulumi. I want to provide secrets for the lambda by making a runtime lookup of the parameter towards AWS SSM (Parameter Store). This fails with access denied. What I want to do is to provide an IAM policy for the role associated with the lambda. However, I don't see any way in the docs or via the TypeScript definitions on how to provide IAM policies for the lambda. Does anyone know how one would go about this?

tall-librarian-49374

06/04/2019, 12:18 PM

glamorous-manchester-77008

06/04/2019, 12:19 PM
That looks promising! Thanks for the reference! 👍 💯

tall-librarian-49374

06/04/2019, 12:22 PM
It's not great in terms of using `JSON.stringify` and `AWSLambdaFullAccess`. Have a look here for a more type-safe approach: https://github.com/pulumi/examples/blob/f1980e8a532e35e93ed71891a81b0fc11fab6aa4/aws-ts-appsync/iam.ts
and use a more fine-grained policy than `AWSLambdaFullAccess`
I might actually go ahead and open a PR to improve that sample