No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

no, there isn't update role method (as in cdk :disappointed: ), AWS IAM consists of objects and attachment objects

Just a guess, but isn't this parameter where you pass the role to the Storage Integration?
<https://www.pulumi.com/docs/reference/pkg/snowflake/storageintegration/#storage_aws_role_arn_python>



Also it is not clear what parameters are you trying to update on the role then

If you could share a piece of code on what you are trying to achieve we'd be able to help you better

Hey <@U025964HAJH>

Unfortunately no, it’s not the `storage_aws_role_arn` variable : this one needs to be set before creating the `StorageIntegration`

I’ll share a code snippet below to illustrate

My `aws_storage_integration` variable then has two outputs (`storage_aws_external_id` &amp; `storage_aws_iam_user_arn` ) which corresponds to resources that are present on Snowflake’s own AWS account

To secure the AWS-Snowflake integration, I would then need to change my `assume_role_policy` to whitelist this specific user and external id

I’ve found an elegant way to solve this without manual intervention : using `StackReference` on the current stack

solution_to_circular_reference.py

For other developers encountering this case, the solution may look something like this

It works because `current_stack.get_output("FOO")` returns `None` upon the initial deployment

It’s not a great solution though, because you’d still have to run the `pulumi up`  twice to get everything set up, but at least there’s no manual intervention