colossal-plastic-46140
07/16/2019, 4:18 PMwhite-balloon-205
Exception: invocation of aws:iam/getPolicy:getPolicy returned an error: invoking aws:iam/getPolicy:getPolicy: Error reading IAM policy *:policy/policy_test: InvalidInput: ARN *:policy/policy_test is not valid.
That seems expected - it is not clear that it is legal to get a policy using a wildcard?colossal-plastic-46140
07/16/2019, 4:24 PMwhite-balloon-205
colossal-plastic-46140
07/16/2019, 4:26 PMsys:1: RuntimeWarning: coroutine 'get_instance_profile' was never awaited
white-balloon-205
colossal-plastic-46140
07/16/2019, 4:30 PMwhite-balloon-205
get_instance_profile
returns a GetInstanceProfileResult
, not a string. And you need to pass a string (the name of the profile) to RolePolicyAttachment
.import pulumi
from pulumi_aws import s3, ec2, iam
async def get_profile():
instance_profile = await iam.get_instance_profile(name="webServerProfile-ad563fb")
return instance_profile.name
async def get_policy():
policy = await iam.get_policy(arn="arn:aws:iam::aws:policy/AdministratorAccess")
return policy.arn
iam.RolePolicyAttachment(role=get_profile(),resource_name="policy_test",policy_arn=get_policy())
get_
calls at all - you can just pass the same strings you used as inputs to the resource:
import pulumi
from pulumi_aws import s3, ec2, iam
iam.RolePolicyAttachment(role="webServerProfile-ad563fb",resource_name="policy_test",policy_arn="arn:aws:iam::aws:policy/AdministratorAccess")
colossal-plastic-46140
07/16/2019, 4:34 PM