rough-baker-21016
05/13/2020, 12:22 PM
function publicReadPolicyForBucket
I need access to both the name of the bucket which has just been created, AND the ARN of a role that has just been created.
Specifically, my policy needs to look like this (the difference from the example is the Principal, which in my case needs to interpolate the role, instead of just being *):
// Takes the already-resolved bucket name and role ARN as plain strings
function publicReadPolicyForBucket(bucketName: string, roleArn: string) {
  return JSON.stringify({
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      // An IAM principal must be given as { AWS: <arn> }; a bare string is only valid for "*"
      Principal: { AWS: roleArn },
      Action: [
        "s3:GetObject"
      ],
      Resource: [
        `arn:aws:s3:::${bucketName}/*` // policy refers to bucket name explicitly
      ]
    }]
  });
}
The error message I get recommends using the bucket.bucket.apply()
pattern, but I can't see how this extends to allowing me to interpolate both the bucket name and the role
wonderful-dog-9045
05/13/2020, 12:28 PM
const jsonOutput = unresolvedInputs.apply((resolvedInputs) => createJson(resolvedInputs))
role.arn
then it would be:
rough-baker-21016
05/13/2020, 12:33 PM
const role = new aws.iam.Role("myRole", {
  // A logical name and a trust policy are required; the EC2 service principal here is only a placeholder
  assumeRolePolicy: JSON.stringify({ Version: "2012-10-17", Statement: [{ Effect: "Allow", Principal: { Service: "ec2.amazonaws.com" }, Action: "sts:AssumeRole" }] }),
});
wonderful-dog-9045
05/13/2020, 12:33 PM
const policy = role.arn.apply(arn => JSON.stringify({ ..., Principal: { AWS: arn } })) // IAM principals are given as { AWS: arn }
rough-baker-21016
05/13/2020, 12:34 PM
wonderful-dog-9045
05/13/2020, 12:35 PM
pulumi.output({ bucket: bucket.bucket, arn: role.arn }).apply(({ bucket, arn }) => ...) // bucket.bucket is the Output holding the bucket name