# general
s
This message was deleted.
🤔 1
f
When I create a `PolicyDocument` that exactly mirrors those AWS examples, including specifying the appropriate `Principal`s, the output I get upon running `pulumi up` is
```
error: Plan apply failed: Error creating IAM policy policy-abcd123: MalformedPolicyDocument: Policy document should not specify a principal.
```
It seems to think I'm creating an IAM policy (which does not need a Principal, since the IAM entity it's being attached to is the Principal) instead of a resource policy
w
Could you share the relevant snippet of your code?
f
Figured out that I can attach the PolicyDocument directly to the CMK resource instead of going `PolicyDocument` -> `Policy` -> `Policy.policy` on the CMK resource, and that fixed the Principals issue. However now I'm running into that common issue where I need to go from `Output<T>` -> string (stringified JSON, in this case) since I want to reference the `User.arn`s managed by Pulumi in the PolicyDocument I'm attaching to the CMK
It works when I chain with `.apply()`, but then everything that references that PolicyDocument also seems to have to exist within the asynchronous context of that `.apply()`, which is very unfortunate