https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# general
s
This message was deleted.
l
It seems like you're asking to get access to a known constant ("mygroup1") via something that you know in advance will be an output (mygroup.name).
The problem goes away by changing the formal parameter list to your example function from 
grantAcctionRole(role: aws.iam.Role, group: aws.iamGroup)
to 
grantAcctionRole(roleName: string, role: aws.iam.Role, groupName: string, group: aws.iam.Group)
Or alternatively, changing from 
grantAssumeRole()
to 
createRoleAndTrustedGroups()
.
I've helped quite a few people solve this issue in the past, and there hasn't yet been a case where using the original string hasn't been possible.
And of course, by using a simple string instead of an output (or something generated from an output), everything is going to be more efficient. Fewer outputs to resolve.
r
I get that I could provide the names everywhere, along with the instances. But it soon becomes insane to have to carry over all these names all over the place, while in a lot of cases, the resource itself would be sufficient. It also severely limits generic code, since you don't always know the group or role name. Imagine you retrieve the role from a higher level function, say you have 
createLambdaFunction()
that returns the execution role, and you would like to use that. You then need to return both the role and the role name from the function, and carry both all over the place whenever you want to actually use that resource. Basically, it means whenever you create a resource, you need to carry its name around.
Also note that I don't think there is a need to access the physical name, such as role.name. Having access to the logical name is enough, and that should not require a resolve right?
2 Views
Open in Slack
PreviousNext
Powered by