busy-umbrella-36067
06/28/2019, 3:27 PMerror: The role "arn:aws:iam::xxx:role/xxx" cannot be assumed.
Running pulumi update
a second time, after the role has been fully created successfully creates a useable provider.
import * as aws from "@pulumi/aws";
const role = new aws.iam.Role("testrole", {
assumeRolePolicy: aws.getCallerIdentity().then(id => {
return {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Principal: {
AWS: `arn:aws:iam::${id.accountId}:root`
},
Action: "sts:AssumeRole"
}
]
};
})
});
const rolePolicy = new aws.iam.Policy("test", {
description: "Full S3 Admin",
policy: {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: "s3:*",
Resource: "*"
}
]
}
});
const rolePolicyAttachment = new aws.iam.RolePolicyAttachment("test", {
policyArn: rolePolicy.arn.apply(arn => arn),
role: role
});
const roleProvider = new aws.Provider(
"test",
{
assumeRole: {
roleArn: role.arn
}
},
{ dependsOn: rolePolicyAttachment }
);
// try to make an s3 bucket using role provider
// this will fail once and then work
const s3Bucket = new aws.s3.Bucket(
"test",
{},
{ provider: roleProvider, dependsOn: roleProvider }
);