In order to get around not being able to pass the lambda rol Pulumi Community #general

In order to get around not being able to pass the ...

billowy-laptop-45963

09/04/2019, 4:02 PM

In order to get around not being able to pass the lambda role into pulumi/cloud cron(), is it possible, within the same program, to create it and then set the config value for computeIAMRolePolicyARNs which is used later on by pulumi/cloud? My gut says no...

white-balloon-205

09/04/2019, 4:17 PM

To first approximation, no. And in fact this was one of the key motivations for the design of the CallbackFubction model in aws and awsx. I do recall we once worked with someone who did manage to accomplish this - but it required some “hacks”. I don’t recommend it - but I’ll see if I can dig it up.

white-balloon-205

09/04/2019, 4:21 PM

So if you do:

Copy code

import * as cloudAws from "@pulumi/cloud-aws"

cloudAws.setComputeIAMRolePolicies(policyArns);

Then you should see any lambdas created after that will use a Role created with those policy arns attached. This is pretty limited, and requires you make this call before any Lambdas are created by

@pulumi/cloud

- but may let you work around this.

billowy-laptop-45963

09/04/2019, 4:33 PM

thanks, so your recommendation is to use aws directly I guess? This is the route I'm going down anyways...

white-balloon-205

09/04/2019, 4:38 PM

There are two options: 1. If you really want to use

cloud

but need to customize Roles (an AWS specific concept), then you can load up

@pulumi/cloud-aws

and make the call above, but still use all the rest of the APIs from

@pulumi/cloud

. 2. If you are on AWS only, you will likely find things more flexible working with

@pulumi/aws

and

@pulumi/awsx

- which offer many of the same capabilities - but in an AWS specific form that gives you access to every knob you may need.

Open in Slack

Previous Next