https://pulumi.com logo
#general
Title
# general
b

billowy-laptop-45963

09/04/2019, 4:02 PM
In order to get around not being able to pass the lambda role into pulumi/cloud cron(), is it possible, within the same program, to create it and then set the config value for computeIAMRolePolicyARNs which is used later on by pulumi/cloud? My gut says no...
w

white-balloon-205

09/04/2019, 4:17 PM
To first approximation, no. And in fact this was one of the key motivations for the design of the CallbackFubction model in aws and awsx. I do recall we once worked with someone who did manage to accomplish this - but it required some “hacks”. I don’t recommend it - but I’ll see if I can dig it up.
So if you do:
Copy code
import * as cloudAws from "@pulumi/cloud-aws"

cloudAws.setComputeIAMRolePolicies(policyArns);
Then you should see any lambdas created after that will use a Role created with those policy arns attached. This is pretty limited, and requires you make this call before any Lambdas are created by
@pulumi/cloud
- but may let you work around this.
b

billowy-laptop-45963

09/04/2019, 4:33 PM
thanks, so your recommendation is to use aws directly I guess? This is the route I'm going down anyways...
w

white-balloon-205

09/04/2019, 4:38 PM
There are two options: 1. If you really want to use
cloud
but need to customize Roles (an AWS specific concept), then you can load up
@pulumi/cloud-aws
and make the call above, but still use all the rest of the APIs from
@pulumi/cloud
. 2. If you are on AWS only, you will likely find things more flexible working with
@pulumi/aws
and
@pulumi/awsx
- which offer many of the same capabilities - but in an AWS specific form that gives you access to every knob you may need.