Hi there Im struggling for creating same `iam` roles that go Pulumi Community #python

Hi there! Im struggling for creating same `iam` ro...

billions-ability-33213

03/27/2020, 5:28 PM

Hi there! Im struggling for creating same

iam

roles that gonna be used for multiple resources (example : group of lambdas that use the same role). The problem is that the lambdas are created in a

for

loop . If I put the creation of the iam role inside as

role.arn

I get duplicates URN... Any advise/example how I should do this ?

gentle-diamond-70147

03/27/2020, 6:24 PM

This is likely because the

resource_name

you're setting is the same for each resource you're creating in your for loop - e.g. https://www.pulumi.com/docs/reference/pkg/python/pulumi_aws/iam/#pulumi_aws.iam.Role. So you can use the role name as part of the

resource_name

or some other value such as the index of the for loop. Here's an example of using a zone name as part of it - e.g.

f'vpc-subnet-{zone}'

- https://github.com/pulumi/examples/blob/6f33b20ffe6d4cff6173682dc3e894f5c2927b20/aws-py-eks/vpc.py#L44

billions-ability-33213

03/27/2020, 9:04 PM

Ah thx @gentle-diamond-70147 I was mixing the notion of

resource_name

and role

name

! But then I still have an issue where basically Id like to have a unique role name to avoid creating tons of role that does the same and when it's put in my loop as

role.arn

with an unique resources names, first loop basically create the role but then it's still throwing an error that the given role name already exist 😕 However the process goes throught

gentle-diamond-70147

03/27/2020, 9:37 PM

I'm afraid I'm not following. Can you share your code?

billions-ability-33213

03/27/2020, 9:51 PM

Maybe a snippet like this can be more clear :

Copy code

# iam.py
def create_my_unique_role(suffix_name:str):

    role = iam.Role(resource_name=f'my_role_resource_name_{suffix_name}',
                    name='my_role_unique_name')

    return role

# __main__.py

for i, lambda_name in enumarate(lambdas):
    lambda_.Function(resource_name=f'{lambda_name}',
                    role=create_my_unique_role(suffix_name=i).arn
                    ...)

Sorry if Im missing something that's obvious but basically, Id like to have my role available before my loop so that I can attach the same unique one to all lambdas.

gentle-diamond-70147

03/27/2020, 10:37 PM

You can define one role outside of the loop and then reference it for each lambda - e.g.

Copy code

# iam.py
def create_my_unique_role(suffix_name:str):
    role = iam.Role(resource_name=f'my_role_resource_name_{suffix_name}',
                    name='my_role_unique_name')
    return role
    
# __main__.py
lambda_role = create_my_unique_role(suffix_name='lambda')
for i, lambda_name in enumarate(lambdas):
    lambda_.Function(resource_name=f'{lambda_name}',
                    role=lambda_role.arn
                    ...)

billions-ability-33213

03/28/2020, 7:06 AM

Actually that's what I tried in the first place I thought it was due to some async call where the resource was not ready yet - the error was actually somewhere else 🤦‍♂️ anyway thx for the support @gentle-diamond-70147 🙂 Solved now

👍 1

Open in Slack

Previous Next