https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# general
s
This message was deleted.
f
Maybe try JSON.stringify(…) against the JSON policy you’re trying to use?
s
I went down the road of trying to use straight JSON but Pulumi makes it way easier. Here's an example:
Copy code
const policy = new aws.iam.Policy(
			`${name}-secret-reader`,
			{
				path: `/secrets/${name}`,
				policy: {
					Version: "2012-10-17",
					Statement: [
						{
							Action: ["ssm:getParameter"],
							Effect: "Allow",
							Resource: parameterStore.arn
						}
					]
				}
			}
		);
Instead of trying to make a correctly formatted JSON document that validates as IAM policy, Pulumi gives you properties to work with just like other resources, and gives you some intellisense against known types (like I can ctrl+shift in VsCode and get the valid strings for Version ie. "2012-10-17"
c
Thanks for the suggestions. @swift-painter-31084 I did try to use an IAM policy, but I get "MalformedPolicyDocumentException: Policy contains a statement with no principal"
Which is really weird since IAM policies don't allow principals.
@faint-table-42725 JSON.stringify likewise returns "MalformedPolicyDocumentException"
Copy code
const policy = {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Principal": [
                        {
                            "AWS": "*"
                        }
                    ],
                    "Effect": "Allow",
                    "Action": [
                        "kms:*"
                    ],
                    "Resource": "*"
                }
            ]
        };
@faint-table-42725 the JSON.stringify() turned out to be the trick combined with making sure the policy has an "Id" (missing from the example I previously posted). Thanks to all!
54 Views
Open in Slack
PreviousNext
Powered by