https://pulumi.com logo
Powered by
#python
Title
b

billions-ability-33213

03/27/2020, 5:28 PM
Hi there! Im struggling for creating same 
iam
roles that gonna be used for multiple resources (example : group of lambdas that use the same role). The problem is that the lambdas are created in a 
for
loop . If I put the creation of the iam role inside as 
role.arn
I get duplicates URN... Any advise/example how I should do this ?
g

gentle-diamond-70147

03/27/2020, 6:24 PM
This is likely because the 
resource_name
you're setting is the same for each resource you're creating in your for loop - e.g. https://www.pulumi.com/docs/reference/pkg/python/pulumi_aws/iam/#pulumi_aws.iam.Role. So you can use the role name as part of the 
resource_name
or some other value such as the index of the for loop. Here's an example of using a zone name as part of it - e.g. 
f'vpc-subnet-{zone}'
- https://github.com/pulumi/examples/blob/6f33b20ffe6d4cff6173682dc3e894f5c2927b20/aws-py-eks/vpc.py#L44
b

billions-ability-33213

03/27/2020, 9:04 PM
Ah thx @gentle-diamond-70147 I was mixing the notion of 
resource_name
and role 
name
! But then I still have an issue where basically Id like to have a unique role name to avoid creating tons of role that does the same and when it's put in my loop as 
role.arn
with an unique resources names, first loop basically create the role but then it's still throwing an error that the given role name already exist 😕 However the process goes throught
g

gentle-diamond-70147

03/27/2020, 9:37 PM
I'm afraid I'm not following. Can you share your code?
b

billions-ability-33213

03/27/2020, 9:51 PM
Maybe a snippet like this can be more clear :
Copy code
# iam.py
def create_my_unique_role(suffix_name:str):

    role = iam.Role(resource_name=f'my_role_resource_name_{suffix_name}',
                    name='my_role_unique_name')

    return role

# __main__.py

for i, lambda_name in enumarate(lambdas):
    lambda_.Function(resource_name=f'{lambda_name}',
                    role=create_my_unique_role(suffix_name=i).arn
                    ...)
Sorry if Im missing something that's obvious but basically, Id like to have my role available before my loop so that I can attach the same unique one to all lambdas.
g

gentle-diamond-70147

03/27/2020, 10:37 PM
You can define one role outside of the loop and then reference it for each lambda - e.g.
Copy code
# iam.py
def create_my_unique_role(suffix_name:str):
    role = iam.Role(resource_name=f'my_role_resource_name_{suffix_name}',
                    name='my_role_unique_name')
    return role
    
# __main__.py
lambda_role = create_my_unique_role(suffix_name='lambda')
for i, lambda_name in enumarate(lambdas):
    lambda_.Function(resource_name=f'{lambda_name}',
                    role=lambda_role.arn
                    ...)
b

billions-ability-33213

03/28/2020, 7:06 AM
Actually that's what I tried in the first place I thought it was due to some async call where the resource was not ready yet - the error was actually somewhere else 🤦‍♂️ anyway thx for the support @gentle-diamond-70147 🙂 Solved now
👍 1
Powered by