No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I use `PolicyDocument` in .NET/C# using `Output.Tuple` as follows:
```private static Output&lt;string&gt; AssumeRoleForServiceAccount(Output&lt;string&gt; oidcArn, Output&lt;string&gt; oidcUrl, string saNamespace, string saName) =&gt;
    Output.Tuple(oidcArn, oidcUrl).Apply(((string OidcArn, string OidcUrl)tuple) =&gt; GetPolicyDocument.InvokeAsync(
        new GetPolicyDocumentArgs
        {
            Statements =
            {
                new GetPolicyDocumentStatementArgs
                {
                    Effect = "Allow",
                    Principals =
                    {
                        new GetPolicyDocumentStatementPrincipalArgs
                        {
                            Type = "Federated",
                            Identifiers = { tuple.OidcArn }
                        }
                    },
                    Actions = { "sts:AssumeRoleWithWebIdentity" },
                    Conditions =
                    {
                        new GetPolicyDocumentStatementConditionArgs
                        {
                            Test = "StringEquals",
                            Values = { $"system:serviceaccount:{saNamespace}:{saName}" },
                            Variable = $"{tuple.OidcUrl}:sub"
                        }
                    }
                }
            }
        })).Apply(policy =&gt; policy.Json);```
The sample principle would apply to TypeScript

thanks, I'm trying to avoid the apply nesting as it's kind of painful, and the snippet I posted works, just not sure why casting to any works (at runtime)

this is the equivalent, using the correct apply flow (I guess)
```const assumeDevelopersRolePolicyData = devRole.name.apply((name) =&gt; {
    return aws.iam.getPolicyDocument({
      version: "2012-10-17",
      statements: [
        {
          effect: "Allow",
          actions: ["sts:AssumeRole"],
          resources: [`arn:aws:iam::${dev_account_id}:role/${name}`],
        },
      ],
    });
  });```

Sorry, missed the last apply to return Output&lt;string&gt; from doc.json, but you get the idea :slightly_smiling_face:

I really need to just get it through my head

YOU CANNOT CONVERT OUTPUT&lt;T&gt; TO T :smile:

<https://stackoverflow.com/questions/62561660/how-to-convert-pulumi-outputt-to-string>

Yeah, I think you worked this out.  You might also like `pulumi.all([foo.value, bar.arn]).apply(([fooValue, barArn]) =&gt; { return `${fooValue}-${barArn}`; });`

<https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/pulumi/#all>

also in your case, you might be able to use the shortcut for apply: `pulumi.interpolate`arn:aws:iam::${dev_account_id}:role/${name}``

I’m curious if the ARN you’re building is different than `devRole.arn` — in which case you should be able to just specify that,

re the interpolate, yes, but that's the thing, as I have to convert it to string, casting it to &lt;any&gt; works but otherwise there's no implicit conversion from Output&lt;T&gt; to T

you're correct, nice catch, devRole.arn will suffice on its own, thanks :slightly_smiling_face: