sparse-intern-71089
09/13/2021, 8:49 PM
billowy-army-68599
alert-raincoat-81485
09/13/2021, 9:00 PM
alert-raincoat-81485
09/13/2021, 9:01 PM
try..except options, when we run pulumi up, it detaches all policies attached with the iam role, so that we have to run 2nd time again to attach policies.
alert-raincoat-81485
09/13/2021, 9:52 PM
billowy-army-68599
try block, you're checking if the role exists:
try:
    example = aws.iam.get_role(name="role-as1")
    print(example.name)
in the first run, it won't exist, so it catches the exception and creates all the roles
on the next run, the role does exist - however, the resources have been added to the Pulumi state in the last run, so now it wants to remove them
billowy-army-68599
alert-raincoat-81485
09/13/2021, 11:14 PM
try...except block and ran a part underneath except standalone.
It creates the resources but at the second run it doesn’t remove the role but detaches all policies. @billowy-army-68599
billowy-army-68599
billowy-army-68599
for attach_policy in policy_arns:
    test_attach = aws.iam.RolePolicyAttachment(
        str(attach_policy), role=role.name, policy_arn=attach_policy.arn
    )
billowy-army-68599
billowy-army-68599
for i, attach_policy in enumerate(policy_arns):
    test_attach = aws.iam.RolePolicyAttachment(
        f"policy_attachment-{i}", role=role.name, policy_arn=attach_policy.arn
    )
alert-raincoat-81485
09/14/2021, 12:02 AM
alert-raincoat-81485
09/14/2021, 1:17 AM
billowy-army-68599
able-honey-93860
12/27/2021, 4:09 AM
for attach_policy in policy_arns:
    test_attach = aws.iam.RolePolicyAttachment(
        attach_policy.name,
        name=attach_policy.name,
        role=role.name, policy_arn=attach_policy.arn
    )
This logic works in my runs, but curious if it's an appropriate approach? Yours seems to be a little different and I'd love to hear if that's best practice or doesn't matter? Thanks!