brave-angle-33257
08/20/2021, 9:18 PMvar stackref = new pulumi.StackReference('s3stack');
var resource = new <http://aws.XXX|aws.XXX>('resource', {
bucket: stackref.getOutput('outputs').apply(v=>v['storagebucket']['bucket'])
})
I'm trying to use this with a pulumi.all like this but can't get it working, it always shows up as [object] in the policy I'm trying to create. The deploy bucket is created in another stack, and the artifact bucket is created in this same stack with the build project
let pipeline_role_policy = new aws.iam.Policy(pipeline_role_name, {
name: pipeline_role_name,
policy: pulumi
.all([stackref.getOutput("outputs"), this_stack_pipeline_bucket.arn])
.apply(([bucketOutputs, artifactBucketArn]) => {
return {
Version: "2012-10-17",
Statement: [
{
Effect: "Allow",
Action: ["s3:*"],
Resource: [
`${bucketOutputs['deploy']['bucket']}`,
`${bucketOutputs['deploy']['bucket']}/*`,
`${artifactBucketArn}`,
`${artifactBucketArn}/*`,
],
},
],
};
})
.apply(JSON.stringify),
});
great-sunset-355
08/21/2021, 8:51 AM.all
I'd use Output.fromInput({...policy...}).apply(JSON.stringify)
Then inside ..policy..
unpack each output as required.
Also someone pointed me to this https://github.com/udondan/iam-floyd which I did not have a chance to trybrave-angle-33257
08/23/2021, 12:23 AM