https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# general
s
This message was deleted.
b
@little-market-63455 this doesn't directly answer your question, but I recently wrote this which may help to understand some of the things you're saying: https://www.leebriggs.co.uk/blog/2021/05/09/pulumi-apply.html
🔥 1
👀 2
the short answer is: if you're building an IAM role (which accepts a string) you can use 
aws.iam.getUser
then use an 
apply()
to build the policy document string
l
I will be sure to read that @billowy-army-68599. Thank you
I am kinda using multiple properties from 
GetUserResult
eventually to build different resources. So according to your suggestion I should be accepting a 
Input<GetUserResult>
on the inside of the component?
b
no, you would use 
pulumi.all
- I can try build an example, hold on
which properties are you using from 
GetUserResult
?
l
the 
Arn
and the 
UserName
b
@little-market-63455 as I'm building this I'm realising, what are you passing those values to?
l
to the constructor of the 
ComponentResource
eventually they propogate all the way to properties on native cloud resources like roles or access keys and so on
b
sorry my question isn't clear, what AWS resources are you trying to populate in your component resource so I can show you how I'd generally do it. Most of the resources I'm looking up take inputs
l
I am creating an 
aws.iam.Policy
where the 
Resouce
array includes the ARN of the user Another usage is when calling the AWS APIs with the user's name to get their access key
b
got it, working on an example now
l
Appreciate it so much sir, I am reading your article atm
Well written 👍
b
Okay, here's the example: https://github.com/jaxxstorm/pulumi-examples/tree/main/typescript/aws/existing-iam-user I tried to show some of the different mechanisms you can use, it may not exactly suit your use case, but this is how I'd manage this
basically: make your input types primitive types where needed
you'll see here: https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/aws/existing-iam-user/userrole.ts#L48 I'm using 
pulumi.output
but I only use one of the paramaters, that's mainly to show you what's possible:
l
I see. I should have mentioned earlier but I was trying to modify this example from a Pulumi blog post. You can see the author passing a 
user
type in and I thought initially I would pass the equivalent But I also understand the way you did. Thank you kindly for your help
l
In this example, the 
user
variable is a Pulumi resource, so you don't need to use 
getUser
. You can pass the id of the user directly from the user variable to other Pulumi resource constructors.
You can skip the process of retrieving the user's properties from AWS, since Pulumi has already done that and populated the aws.iam.User object with them. Since you're passing the values into a policy document, there is an extra step involving interpolation.
l
Correct but I have modified the example and the user already exists for me, I don't want Pulumi to create it
@billowy-army-68599 If I was to pass the output to helper functions, I would assume that passing 
Output<GetUserResult>
should work?
I guess I feel the other alternative with all the 
applies
is a bit unreadable but that's probably more idiomatic from what I feel now
l
Even if the user already exists, you can import it. Since Pulumi is a declarative state management tool, it won't recreate it. The user will be in Pulumi state and usable in the normal way.
7 Views
Open in Slack
PreviousNext
Powered by