Anyone know how to create an iam RolePolicy that includes an Pulumi Community #python

Anyone know how to create an iam.RolePolicy that i...

polite-iron-99873

03/11/2020, 2:39 PM

Anyone know how to create an iam.RolePolicy that includes an Output from another resource? The following fails because vpc.id is an 'output', and policy requires a 'str'

Copy code

policy=
        {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": [
                    "logs:PutLogEvents",
                    "logs:CreateLogStream",
                    "logs:DescribeLogGroups",
                    "logs:DescribeLogStreams"
                ],
                "Effect": "Allow",
                "Resource": 'arn:aws:logs:us-east-1:xxxxxxxxx:log-group:/aws/vpc/' + vpc.id + '/flows/*'
            }]
        })

polite-iron-99873

03/11/2020, 2:46 PM

This problem is actually more broad in that you cannot concatenate a string with an output at all. The following will fail as well.

Copy code

logGroupName = '/aws/vpc/' + vpc.id + '/flows/reject'

nutritious-shampoo-16116

03/11/2020, 2:54 PM

which error it throws?

polite-iron-99873

03/11/2020, 2:58 PM

Copy code

logGroupName = '/aws/vpc/' + vpc.id + '/flows/reject'
    TypeError: must be str, not Output
    error: an unhandled error occurred: Program exited with non-zero exit code: 1

nutritious-shampoo-16116

03/11/2020, 3:28 PM

did you try

Copy code

Output.concat('/aws/vpc/', vpc.id, '/flows/rehect')

polite-iron-99873

03/11/2020, 4:03 PM

That did the trick. Thank you very much!

nutritious-shampoo-16116

03/12/2020, 1:02 PM

👌

Open in Slack

Previous Next