https://pulumi.com logo
#general
Title
# general
b

brave-angle-33257

03/22/2021, 5:34 PM
hi, can someone help me with this promise() syntax.. been stuck on this for too long this morning
Copy code
async getAccountId() {
        const awsIdentity = await aws.getCallerIdentity({ async: true });
        const accountId = awsIdentity.accountId;
        return accountId;
    }
is the function Im trying to use to get the account ID, then I want to use it in a policy like:
Copy code
// IAM role
        var ecs_role_name = `${ecs_cluster_name}-role-main`;
        this.holder["ecs_role_name"] = ecs_role_name;
        let assume_policy_document: aws.iam.PolicyDocument = {
            Version: "2012-10-17",
            Statement: [
                {
                    Action: "sts:AssumeRole",
                    Principal: {
                        AWS: this.getAccountId().then((x) => x),
                    },
                    Effect: "Allow",
                    Sid: "",
                },
            ],
        };
i realize that the
AWS
needs a full ARN but right now I keep getting things similar to:
Copy code
aws:iam:Role (prod-main-ecs-role-main):
    error: 1 error occurred:
        * Error creating IAM Role prod-main-ecs-role-main: MalformedPolicyDocument: Invalid principal in policy: "AWS":"arn:aws:iam::[object Promise]:root"
        status code: 400, request id: 3875e107-41d6-488d-be73-93a9794915a0
b

better-shampoo-48884

03/22/2021, 5:49 PM
could you try returning awsIdentity then doing
awsIdentity.accountId.apply(id => id)
b

bored-oyster-3147

03/22/2021, 5:49 PM
you want something like:
Copy code
const identity = pulumi.output(aws.getCallerIdentity());
let policyDocument = identity.accountId.apply(id =>
{
    return {
        Version: "2012-10-17",
        Statement: [
            {
                Action: "sts:AssumeRole",
                Principal: {
                    AWS: id,
                },
                Effect: "Allow",
                Sid: "",
            },
        ],
    };
});
b

better-shampoo-48884

03/22/2021, 5:49 PM
joshua with the better option 😉
b

brave-angle-33257

03/22/2021, 5:50 PM
excellent, thank you. i always get tripped up on these heh
b

bored-oyster-3147

03/22/2021, 5:50 PM
checkout this in the docs: https://www.pulumi.com/docs/intro/concepts/inputs-outputs/ and then look for some examples of using the
.get
methods in here: https://github.com/pulumi/examples
👍 1
b

brave-angle-33257

03/25/2021, 8:10 PM
after playing with this, getting stuck, and coming back to it, this was the final way I got this to work, not the easiest to figure out:
Copy code
const identity = pulumi.output(aws.getCallerIdentity());

        let role = new aws.iam.Role(ecs_role_name, {
            name: ecs_role_name,
            assumeRolePolicy: pulumi
                .output(
                    identity.accountId.apply((id) => {
                        return {
                            Version: "2012-10-17",
                            Statement: [
                                {
                                    Action: "sts:AssumeRole",
                                    Principal: {
                                        AWS: `arn:aws:iam::${id}:root`,
                                    },
                                    Effect: "Allow",
                                    Sid: "",
                                },
                            ],
                        };
                    })
                )
                .apply(JSON.stringify),
        });
god forbid now I would need 2 outputs to render in the same policy
thinking possibly interpolate i'll hold off for now
b

bored-oyster-3147

03/25/2021, 8:48 PM
that is very odd to me - because
.apply(...)
is just for transforming
Output<T>
. So you apply an output, get a new output, and pass it to
pulumi.output(...)
when it is already an output
but if it works, I guess
Copy code
identity.accountId.apply((id) => {
                        return {
                            Version: "2012-10-17",
                            Statement: [
                                {
                                    Action: "sts:AssumeRole",
                                    Principal: {
                                        AWS: `arn:aws:iam::${id}:root`,
                                    },
                                    Effect: "Allow",
                                    Sid: "",
                                },
                            ],
                        };
                    }).apply(JSON.stringify);
does this not work?
b

brave-angle-33257

03/25/2021, 9:25 PM
let me try, i thought I tried that, but let me check
yea, ok that does work.. i guess the
pulumi.output()
is redundant
also, took me a bit to realize
pulumi.output
is different than
pulumi.Output
the latter being a type, I was trying to use it as a function messed me up some heh
I did figure out how to use 2 inputs though:
Copy code
let role = new aws.iam.Role(ecs_role_name, {
            name: ecs_role_name,
            assumeRolePolicy: pulumi
                .all([identity.accountId, identity.userId])
                .apply(([id, userId]) => {
                    return {
                        Version: "2012-10-17",
                        Statement: [
                            {
                                Action: "sts:AssumeRole",
                                Principal: {
                                    AWS: `arn:aws:iam::${id}:${userId}`,
                                },
                                Effect: "Allow",
                                Sid: "",
                            },
                        ],
                    };
                })
                .apply(JSON.stringify),
        });
thats not valid ARN obviously, but it did resolve correctly
b

bored-oyster-3147

03/25/2021, 9:33 PM
yea! well I'm glad you figured out. I'm used to dotnet so there's definitely some small semantic differences to accomplish the same task that I tend to trip over so I'm glad you got it to work.
b

brave-angle-33257

03/26/2021, 2:46 PM
Thanks for your help!
🙌 1
5 Views