Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
b
brave-angle-33257
03/22/2021, 5:34 PMhi, can someone help me with this promise() syntax.. been stuck on this for too long this morning
async getAccountId() {
const awsIdentity = await aws.getCallerIdentity({ async: true });
const accountId = awsIdentity.accountId;
return accountId;
}// IAM role
var ecs_role_name = `${ecs_cluster_name}-role-main`;
this.holder["ecs_role_name"] = ecs_role_name;
let assume_policy_document: aws.iam.PolicyDocument = {
Version: "2012-10-17",
Statement: [
{
Action: "sts:AssumeRole",
Principal: {
AWS: this.getAccountId().then((x) => x),
},
Effect: "Allow",
Sid: "",
},
],
};i realize that the
AWSaws:iam:Role (prod-main-ecs-role-main):
error: 1 error occurred:
* Error creating IAM Role prod-main-ecs-role-main: MalformedPolicyDocument: Invalid principal in policy: "AWS":"arn:aws:iam::[object Promise]:root"
status code: 400, request id: 3875e107-41d6-488d-be73-93a9794915a0b
better-shampoo-48884
03/22/2021, 5:49 PMcould you try returning awsIdentity then doing
awsIdentity.accountId.apply(id => id)b
bored-oyster-3147
03/22/2021, 5:49 PMyou want something like:
const identity = pulumi.output(aws.getCallerIdentity());
let policyDocument = identity.accountId.apply(id =>
{
return {
Version: "2012-10-17",
Statement: [
{
Action: "sts:AssumeRole",
Principal: {
AWS: id,
},
Effect: "Allow",
Sid: "",
},
],
};
});b
better-shampoo-48884
03/22/2021, 5:49 PMjoshua with the better option 😉
b
brave-angle-33257
03/22/2021, 5:50 PMexcellent, thank you. i always get tripped up on these heh
b
bored-oyster-3147
03/22/2021, 5:50 PMcheckout this in the docs: https://www.pulumi.com/docs/intro/concepts/inputs-outputs/
and then look for some examples of using the
.get👍 1
b
brave-angle-33257
03/25/2021, 8:10 PMafter playing with this, getting stuck, and coming back to it, this was the final way I got this to work, not the easiest to figure out:
const identity = pulumi.output(aws.getCallerIdentity());
let role = new aws.iam.Role(ecs_role_name, {
name: ecs_role_name,
assumeRolePolicy: pulumi
.output(
identity.accountId.apply((id) => {
return {
Version: "2012-10-17",
Statement: [
{
Action: "sts:AssumeRole",
Principal: {
AWS: `arn:aws:iam::${id}:root`,
},
Effect: "Allow",
Sid: "",
},
],
};
})
)
.apply(JSON.stringify),
});god forbid now I would need 2 outputs to render in the same policy
thinking possibly interpolate i'll hold off for now
b
bored-oyster-3147
03/25/2021, 8:48 PMthat is very odd to me - because
.apply(...)Output<T>pulumi.output(...)but if it works, I guess
identity.accountId.apply((id) => {
return {
Version: "2012-10-17",
Statement: [
{
Action: "sts:AssumeRole",
Principal: {
AWS: `arn:aws:iam::${id}:root`,
},
Effect: "Allow",
Sid: "",
},
],
};
}).apply(JSON.stringify);b
brave-angle-33257
03/25/2021, 9:25 PMlet me try, i thought I tried that, but let me check
yea, ok that does work.. i guess the
pulumi.output()also, took me a bit to realize
pulumi.outputpulumi.OutputI did figure out how to use 2 inputs though:
let role = new aws.iam.Role(ecs_role_name, {
name: ecs_role_name,
assumeRolePolicy: pulumi
.all([identity.accountId, identity.userId])
.apply(([id, userId]) => {
return {
Version: "2012-10-17",
Statement: [
{
Action: "sts:AssumeRole",
Principal: {
AWS: `arn:aws:iam::${id}:${userId}`,
},
Effect: "Allow",
Sid: "",
},
],
};
})
.apply(JSON.stringify),
});thats not valid ARN obviously, but it did resolve correctly
b
bored-oyster-3147
03/25/2021, 9:33 PMyea! well I'm glad you figured out. I'm used to dotnet so there's definitely some small semantic differences to accomplish the same task that I tend to trip over so I'm glad you got it to work.
b
brave-angle-33257
03/26/2021, 2:46 PMThanks for your help!
🙌 1