modern-bear-85657
10/16/2019, 7:41 PMTypes of property 'Version' are incompatible.
Type 'string' is not assignable to type 'Input<"2008-10-17" | "2012-10-17">'.ts(2322)
broad-dog-22463
10/16/2019, 7:42 PMmodern-bear-85657
10/16/2019, 7:48 PMInput
object. I don’t see why that’s necessary.broad-dog-22463
10/16/2019, 8:18 PMmodern-bear-85657
10/16/2019, 8:35 PMconst policy = new aws.iam.Policy('bucket-policy', {
name: '...',
description: '...',
policy: {
Version: '2012-10-17',
Statement: [{/* ... */}]
}
})
stocky-spoon-28903
10/17/2019, 9:33 AMmodern-bear-85657
10/17/2019, 1:00 PM"@pulumi/aws": {
"version": "1.6.0",
"resolved": "https://{{ nexus.internal }}/repository/npm-all/@pulumi/aws/-/aws-1.6.0.tgz",
"integrity": "sha512-zEqTtMpFoDJwGhhA+CIiSto6shURsCCjbKAIZLGRnlCbx4f5LQR0eZjXoXizF86YwTYj5oNV+fzEi/zVYWtBDQ==",
"requires": {
"@pulumi/pulumi": "^1.0.0",
"aws-sdk": "^2.0.0",
"builtin-modules": "3.0.0",
"mime": "^2.0.0",
"read-package-tree": "^5.2.1",
"resolve": "^1.7.1"
}
},
broad-dog-22463
10/21/2019, 8:39 PMstocky-spoon-28903
10/21/2019, 8:41 PMmodern-bear-85657
10/21/2019, 8:46 PM// Build an IAM Policy to access the bucket
const policy = new aws.iam.Policy('bucket-policy', {
name: pulumi.interpolate `demo-s3-${envConfig.account_name}`,
description: 'S3 bucket access',
policy: {
Version: "2012-10-17",
Statement: [
{
Action: "s3:GetObject",
Effect: "Allow",
Resource: pulumi.interpolate `${bucket.arn}/*`,
Principal: devRole.arn
}
]
}
})
stocky-spoon-28903
10/31/2019, 11:15 PMimport * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
const bucket = new aws.s3.Bucket("my-bucket");
const account_name = pulumi.output("test")
const arn = pulumi.output("*");
// Build an IAM Policy to access the bucket
const policy = new aws.iam.Policy("bucket-policy", {
name: pulumi.interpolate `demo-s3-${account_name}`,
description: 'S3 bucket access',
policy: {
Version: "2012-10-17",
Statement: [
{
Action: "s3:GetObject",
Effect: "Allow",
Resource: pulumi.interpolate `${bucket.arn}/*`,
Principal: arn,
}
]
}
});
// Export the name of the bucket
export const bucketName = bucket.id;
Principal
.Principal
where Output<string>
in PolicyDocument
is valid.pulumi.all(...).apply(...)
also.Principal
(because the Principal is the thing it is attached to)PolicyDocument
, just not for the reason it first suggests// Build an IAM Policy to access the bucket
const policy = new aws.iam.Policy("bucket-policy", {
name: pulumi.interpolate`demo-s3-${account_name}`,
description: 'S3 bucket access',
policy: pulumi.output({
Version: "2012-10-17",
Statement: [
{
Action: "s3:GetObject",
Effect: "Allow",
Resource: `${bucket.arn}/*`,
}
]
})
});
modern-bear-85657
11/04/2019, 1:55 PM