bright-orange-69401
07/31/2021, 6:23 PMRole
in AWS
2. Create StorageIntegration
in Snowflake using Role
from step 1
3. Update Role
by adding parameters obtained after creating the StorageIntegration
in step 2
Is there a way to solve such a pattern in Pulumi ? (Other than manually hard-coding stuff and re-deploying)
Is there maybe an UpdateRole
resource that I can provision in my step 3 ?
(NB: it’s specifically the assume_role_policy
that I need to alter in step 3)great-sunset-355
08/01/2021, 4:22 PMbright-orange-69401
08/02/2021, 10:33 AMstorage_aws_role_arn
variable : this one needs to be set before creating the StorageIntegration
I’ll share a code snippet below to illustrateaws_storage_integration
variable then has two outputs (storage_aws_external_id
& storage_aws_iam_user_arn
) which corresponds to resources that are present on Snowflake’s own AWS account
To secure the AWS-Snowflake integration, I would then need to change my assume_role_policy
to whitelist this specific user and external idStackReference
on the current stackcurrent_stack.get_output("FOO")
returns None
upon the initial deploymentpulumi up
twice to get everything set up, but at least there’s no manual intervention