https://pulumi.com logo
#python
Title
# python
w

witty-ice-69000

08/13/2020, 2:53 PM
Copy code
instance_assume_role_policy = iam.get_policy_document(
        opts=pulumi.ResourceOptions(depends_on=[user], provider=provider),
        statements=[
            {
                "actions": ["sts:AssumeRole"],
                "effect": "Allow",
                "principals": [
                    {"identifiers": [user.arn.apply(lambda arn: arn)], "type": "AWS"}
                ],
            },
        ],
    )
I've figured out that initially replacing the policy document with literal text (good or bad, doesn't matter). Run
pulumi up
and the user gets created and then pulumi fails. Then I can revert to acquiring the ARN of the user automatically and everything works. I thought that by declaring the "depends_on" parameters that the user ARN acquisition would work, but that doesn't seem to work. Is there a timing configuration, or something else that needs to be resolved?
Copy code
user = iam.User(
        "pulumi_user",
        name=construct_iam_resource_name("iam_deployment"),
        path=automata_iam_path,
        tags={"purpose": "Account used to perform Pulumi stack updates on CI/CD."},
    )

    user_arn = user.arn.apply(lambda arn: arn)

    instance_assume_role_policy = iam.get_policy_document(
        opts=pulumi.ResourceOptions(depends_on=[user]),
        statements=[
            {
                "actions": ["sts:AssumeRole"],
                "effect": "Allow",
                "principals": [{"identifiers": [user_arn], "type": "AWS"}],
            },
        ],
        version="2012-10-17",
    )
2 Views