#general

square-ability-48831

08/14/2019, 12:51 AM
looking for any examples or pointers on how to get a Resource for an existing dynamodb table and then use that in a role+policy pair for a lambda. getting held up on if aws.dynamodb.getTable({name: 'mytablename'}) is what i need to get the resource. tried wrapping in an async function but it seems to just not build the resource at all.
const dynamoSetup = async () => {
  const chargerStateTable = await aws.dynamodb.getTable({name: 'charger_state'})

  // Give our Lambda access to the Dynamo DB table, CloudWatch Logs and Metrics.
  const chargerEventDispatchRole = new aws.iam.Role("charger-event-dispatch-role", {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "lambda.amazonaws.com" }),
  })

  const chargerEventDispatchDynamoDBPolicy = new aws.iam.RolePolicy("charger-event-dispatch-policy", {
    role: chargerEventDispatchRole,
    policy: pulumi.output({
      Version: "2012-10-17",
      Statement: [{
        Action: ["dynamodb:UpdateItem", "dynamodb:PutItem", "dynamodb:GetItem", "dynamodb:DescribeTable"],
        Resource: chargerStateTable.arn,
        Effect: "Allow",
      }, {
        Action: ["logs:*", "cloudwatch:*"],
        Resource: "*",
        Effect: "Allow",
      }],
    }),
  })

  return chargerStateTable
}

dynamoSetup()
tried the above but i know i'm missing some core usage pattern for this

big-piano-35669

08/14/2019, 2:05 AM
What did you see when you run pulumi up? I tried the code with a DynamoDB table, and it seemed to work. Note that we've made a recent change where you no longer need the async/await calls to invoke functions like getTable, so a simplified version like so should work:
const chargerStateTable = aws.dynamodb.getTable({name: 'charger_state'})

// Give our Lambda access to the Dynamo DB table, CloudWatch Logs and Metrics.
const chargerEventDispatchRole = new aws.iam.Role("charger-event-dispatch-role", {
    assumeRolePolicy: aws.iam.assumeRolePolicyForPrincipal({ Service: "lambda.amazonaws.com" }),
})

const chargerEventDispatchDynamoDBPolicy = new aws.iam.RolePolicy("charger-event-dispatch-policy", {
    role: chargerEventDispatchRole,
    policy: pulumi.output({
        Version: "2012-10-17",
        Statement: [{
            Action: ["dynamodb:UpdateItem", "dynamodb:PutItem", "dynamodb:GetItem", "dynamodb:DescribeTable"],
            Resource: chargerStateTable.arn,
            Effect: "Allow",
        }, {
            Action: ["logs:*", "cloudwatch:*"],
            Resource: "*",
            Effect: "Allow",
        }],
    }),
})

square-ability-48831

08/14/2019, 4:43 PM
index.ts(33,35): error TS2570: Property 'arn' does not exist on type 'Promise<GetTableResult>'. Did you forget to use 'await'?
on the line for Resource: chargerStateTable.arn,
Maybe I need to update my pulumi libs?

white-balloon-205

08/14/2019, 5:41 PM
Yes - this was a change in a fairly recent version of the Pulumi libraries. That error message suggests you are on the older versions before this was enabled.