#general

elegant-crayon-4967

06/18/2019, 4:20 PM
Does anyone have a working example of using an external user_data script w/ variables defined in `index.ts` for aws & typescript?

white-balloon-205

06/18/2019, 6:26 PM
When you say "external" `user_data` - do you mean loaded from a file? If so, how did you want to do the variable replacements? Certainly any combination of these is possible via `fs.readFileSync`, string interpolation, `.replace()` or other techniques.

elegant-crayon-4967

06/18/2019, 6:38 PM
well for instance, in Terraform I create a template file called user data, and I can pass in variables to that `*.tpl` file which is external (aka, not embedded in my TF Code)
looks something like this
```hcl
data "template_file" "user_data" {
  template = "${file("./modules/asg/user_data.tpl")}"
  vars {
    ssmDomainJoin   = "${var.ssm-domain-join}"
    ssmServerBuild  = "${var.ssm-server-build}"
    tEnv            = "${var.tags["t_env"]}"
    fsxDrive        = "${var.fsxDrive}"
  }
}
```
and then I'm able to reference that within the launchtemplate resource
```hcl
user_data                 = "${base64encode(data.template_file.user_data.rendered)}"
```
I just don't know the proper way of doing all this via TS
was hoping there might be an example of something similar I could follow

cold-coat-35200

06/18/2019, 7:41 PM
just use a template language for ts, handlebars or mustache
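```typescript
import * as fs from 'fs'
import * as path from 'path'
import * as handlebars from 'handlebars'
import * as pulumi from '@pulumi/pulumi'

// Compile the external template file once
const policyDocumentTemplate = handlebars.compile(fs.readFileSync(path.join('templates', 'kmsKeyPolicy.json'), 'utf8'))
// Render it once the Output values have resolved
const policyDocument = pulumi.all([this.iamRole.arn, callerIdentity]).apply(([iamRoleArn, callerIdentity]) => {
  return policyDocumentTemplate({
    accountID: callerIdentity.accountId,
    iamRoleArn: iamRoleArn
  })
})
```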
example file:
```json
{
  "Version": "2012-10-17",
  "Id": "etcd-cluster-kms-key-policy",
  "Statement": [
    {
      "Sid": "Enable IAM User Permissions",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::{{accountID}}:root"
      },
      "Action": "kms:*",
      "Resource": "*"
    },
    {
      "Sid": "Allow access for Key Administrators",
      "Effect": "Allow",
      "Principal": {
        "AWS": "{{ iamRoleArn }}"
      },
      "Action": [
        "kms:Create*",
        "kms:Describe*",
        "kms:Enable*",
        "kms:List*",
        "kms:Put*",
        "kms:Update*",
        "kms:Revoke*",
        "kms:Disable*",
        "kms:Get*",
        "kms:Delete*",
        "kms:TagResource",
        "kms:UntagResource"
      ],
      "Resource": "*"
    },
    {
      "Sid": "Allow use of the key",
      "Effect": "Allow",
      "Principal": {
        "AWS": "{{ iamRoleArn }}"
      },
      "Action": [
        "kms:Encrypt",
        "kms:Decrypt",
        "kms:ReEncrypt*",
        "kms:GenerateDataKey*",
        "kms:DescribeKey"
      ],
      "Resource": "*"
    },
    {
      "Sid": "Allow attachment of persistent resources",
      "Effect": "Allow",
      "Principal": {
        "AWS": "{{ iamRoleArn }}"
      },
      "Action": [
        "kms:CreateGrant",
        "kms:ListGrants",
        "kms:RevokeGrant"
      ],
      "Resource": "*",
      "Condition": {
        "Bool": {
          "kms:GrantIsForAWSResource": "true"
        }
      }
    }
  ]
}
```

elegant-crayon-4967

06/18/2019, 8:01 PM
perfect, thanks! I just needed a spark to get me going 🙂