No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

Hey guys,
I am trying to create a iam role using eks oidc information, but I keep getting an error that I can't seem to solve
```const albPodRole = new aws.iam.Role('alb-service-account-role', {
  assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Federated": "${eksCluster.core.oidcProvider?.arn}"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "${eksCluster.core.oidcProvider?.url}:sub": ["system:serviceaccount:kube-system:alb-controller-aws-load-balancer-controller"]
        }
        
      }
    }
  ]
}
`,
}, {
  dependsOn: eksCluster,
})```

<@U02QJN7880J>  you’re passing an output to a string, you need to use an apply. See here:


<https://github.com/jaxxstorm/pulumi-examples/blob/67c1de79b9b5ed59ad4bdd9247e4298df8a44164/typescript/aws/eks-platform/alb-ingress-controller/index.ts#L19|https://github.com/jaxxstorm/pulumi-examples/blob/67c1de79b9b5ed59ad4bdd9247e4298df8a44164/typescript/aws/eks-platform/alb-ingress-controller/index.ts#L19>