No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

You could get the existing role using `getRole` and attach it to the new domain. <https://www.pulumi.com/docs/reference/pkg/aws/iam/getrole/#using>

<@U01038HJ93R> there is no parameter in `aws.elasticsearch.Domain` for role. ServiceLinkedRole is a bit different from usual iam Roles, they need to exist, but are not directly linked to the resource.

Can't wrap my brain around it :thinking_face:

<@U011HKKU2NL> can you point me to the example you are using? I think the idea with service linked roles is that you only need to create them once and they will be used by all instances of the service. So I would imagine you just don’t create the role when creating this second domain.

Following this doc:
<https://www.pulumi.com/docs/reference/pkg/aws/elasticsearch/domain/#vpc-based-es>

Is there a way to dynamically figure out if I need to create the role,  during stack creation?

this part is weird: `dependsOn: [esServiceLinkedRole]`

maybe your suggestion about getRole could help here :thinking_face:

The problem I'm having is, the stack definition is in a github repo, and I clone the same repo on 2 computers, run a deploy, and  since the role was already create on my first computer, the second one is complaining.

image.png

<@U01038HJ93R> seems like this approach is working, sharing it here if someone needs it, maybe this is a good thing to add to official docs, because everyone will stumble upon this problem with more than 1 Elastic Domain: