looking for any examples or pointers on how to get a Resourc Pulumi Community #general

looking for any examples or pointers on how to get...

square-ability-48831

08/14/2019, 12:51 AM

looking for any examples or pointers on how to get a Resource for an existing dynamodb table and then use that in a role+policy pair for a lambda. getting held up on if

aws.dynamodb.getTable({name: 'mytablename'})

is what i need to get the resource. tried wrapping in an async function but it seems to just not build the resource at all.

square-ability-48831

08/14/2019, 12:51 AM

Copy code

const dynamoSetup = async () => {
  const chargerStateTable = await aws.dynamodb.getTable({name: 'charger_state'})

  // Give our Lambda access to the Dynamo DB table, CloudWatch Logs and Metrics.
  const chargerEventDispatchRole = new aws.iam.Role("charger-event-dispatch-role", {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "<http://lambda.amazonaws.com|lambda.amazonaws.com>" }),
  })

  const chargerEventDispatchDynamoDBPolicy = new aws.iam.RolePolicy("charger-event-dispatch-policy", {
    role: chargerEventDispatchRole,
    policy: pulumi.output({
      Version: "2012-10-17",
      Statement: [{
        Action: ["dynamodb:UpdateItem", "dynamodb:PutItem", "dynamodb:GetItem", "dynamodb:DescribeTable"],
        Resource: chargerStateTable.arn,
        Effect: "Allow",
      }, {
        Action: ["logs:*", "cloudwatch:*"],
        Resource: "*",
        Effect: "Allow",
      }],
    }),
  })

  return chargerStateTable
}

dynamoSetup()

square-ability-48831

08/14/2019, 12:52 AM

tried the above but i know i'm missing some core usage pattern for this

big-piano-35669

08/14/2019, 2:05 AM

What did you see when you run

pulumi up

? I tried the code with a DynamoDB table, and it seemed to work. Note that we've made a recent change where you no longer need the async/await calls to invoke functions like

getTable

, so a simplified version like so should work:

Copy code

const chargerStateTable = aws.dynamodb.getTable({name: 'charger_state'})

// Give our Lambda access to the Dynamo DB table, CloudWatch Logs and Metrics.
const chargerEventDispatchRole = new aws.iam.Role("charger-event-dispatch-role", {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "<http://lambda.amazonaws.com|lambda.amazonaws.com>" }),
})

const chargerEventDispatchDynamoDBPolicy = new aws.iam.RolePolicy("charger-event-dispatch-policy", {
    role: chargerEventDispatchRole,
    policy: pulumi.output({
        Version: "2012-10-17",
        Statement: [{
            Action: ["dynamodb:UpdateItem", "dynamodb:PutItem", "dynamodb:GetItem", "dynamodb:DescribeTable"],
            Resource: chargerStateTable.arn,
            Effect: "Allow",
        }, {
            Action: ["logs:*", "cloudwatch:*"],
            Resource: "*",
            Effect: "Allow",
        }],
    }),
})

square-ability-48831

08/14/2019, 4:43 PM

index.ts(33,35): error TS2570: Property 'arn' does not exist on type 'Promise<GetTableResult>'. Did you forget to use 'await'?

square-ability-48831

08/14/2019, 4:43 PM

on the line for

Resource: chargerStateTable.arn,

square-ability-48831

08/14/2019, 5:36 PM

Maybe I need to update my pulumi libs?

white-balloon-205

08/14/2019, 5:41 PM

Yes - this was a change in fairly recent version of the Pulumi libraries. That error message suggests you are on the older versions before this was enabled.

4 Views

Open in Slack

Previous Next