white-action-27798
04/20/2021, 10:26 AM
    # Imports assumed; they were not shown in the original message.
    import json
    import pulumi
    from pulumi_aws import iam

    def create_iam_policy_write_access_to_bucket(bucket, policy_name_suffix):
        # todo(zeev+dan): why not Managed policy?
        with open('./polices/s3_bucket_write_access_policy.json') as f:
            policy_document = json.load(f)
        # Replace the placeholder with "<bucket arn>/*"; bucket.arn is a pulumi Output.
        policy_document['Statement'][0]['Resource'] = pulumi.Output.concat(bucket.arn, "/*")
        name, _ = get_resource_name_by_convention(f's3_write_access_iam_policy-{policy_name_suffix}')
        s3_write_access_iam_policy = iam.Policy(
            name,
            description="write Access to a given bucket arn",
            policy=policy_document
        )
        return s3_write_access_iam_policy
s3_bucket_write_access_policy.json:
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "s3:DeleteObject",
                    "s3:PutObjectAcl"
                ],
                "Resource": "PLACE_HOLDER_FOR_PULUMI"
            }
        ]
    }
We need to edit the policy (change the resource field to the relevant S3 bucket).
How can we do it with the new function?
I tried a lot of things; for example, I tried to change the function to:
    def create_iam_policy_write_access_to_bucket(bucket, policy_name_suffix):
        with open('./polices/s3_bucket_write_access_policy.json') as f:
            policy_document = json.load(f)
        # bucket.arn is a pulumi Output, so the Resource value is an Output, not a str.
        policy_document['Statement'][0]['Resource'] = pulumi.Output.concat(bucket.arn, "/*")
        name, _ = get_resource_name_by_convention(f's3_write_access_iam_policy-{policy_name_suffix}')
        s3_write_access_iam_policy = iam.Policy(
            name,
            description="write Access to a given bucket arn",
            # json.dumps runs immediately, while Resource is still an unresolved Output.
            policy=json.dumps(
                {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Action": [
                                "s3:PutObject",
                                "s3:DeleteObject",
                                "s3:PutObjectAcl"
                            ],
                            "Resource": policy_document['Statement'][0]['Resource']
                        }
                    ]
                }
            )
        )
        return s3_write_access_iam_policy
But I am getting this error message:
TypeError: Object of type Output is not JSON serializable
Any idea how we can do it with the new function?
red-match-15116
04/20/2021, 3:34 PM
white-action-27798
04/21/2021, 7:34 AM