salmon-ghost-86211
09/29/2020, 9:34 PMerror: aws:efs/fileSystemPolicy:FileSystemPolicy resource 'policy' has a problem: "policy" contains an invalid JSON: invalid character '\n' in string literal
I have copied the example exactly from here <https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/aws/efs/#FileSystemPolicy>
except for fixing the invalid reference aws_efs_file_system.test.arn
.
I also converted the leading spaces in the policy string to tabs in case that made a difference. It didn't.
pulumi: v2.10.2
pulumi aws plugin: 3.5.0
node: v12.* (tried several versions to see of that mattered)
Any ideas?little-cartoon-10569
09/29/2020, 9:44 PMsalmon-ghost-86211
09/29/2020, 9:45 PMlittle-cartoon-10569
09/29/2020, 9:46 PMsalmon-ghost-86211
09/29/2020, 9:47 PM"Resource": "${fs.arn}",
string
. I like how IAM policies allow a PolicyDocument. (<https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/aws/iam/#PolicyArgs-policy>
)broad-dog-22463
09/29/2020, 9:53 PMlittle-cartoon-10569
09/29/2020, 9:53 PMonst policy = pulumi.output(aws.iam.getPolicyDocument({
statements: [{
actions: ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"],
principals: [{
identifiers: ["*"],
type: "AWS",
}],
conditions: [{
test: "Bool",
variable: "aws:secureTransport",
values: [true],
}],
})
);
https://www.pulumi.com/docs/reference/pkg/aws/iam/getpolicydocument/salmon-ghost-86211
09/29/2020, 9:55 PMefs
policies are different than iam
policies. Did the above example work? I can try now too.little-cartoon-10569
09/29/2020, 9:55 PMthen()
. See the bottom of the first example on that page.salmon-ghost-86211
09/29/2020, 9:57 PMlittle-cartoon-10569
09/29/2020, 9:58 PMsalmon-ghost-86211
09/29/2020, 9:58 PMlittle-cartoon-10569
09/29/2020, 10:00 PMsalmon-ghost-86211
09/29/2020, 10:02 PMpulumi
seems to happy with that. For anyone looking in the future, here's a working example that should replace the original FileSystemPolicy
example referenced in the original question.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const fs = new aws.efs.FileSystem("fs", {});
const iamPolicyDoc = aws.iam.getPolicyDocument({
statements: [{
actions: ["elasticfilesystem:ClientMount", "elasticfilesystem:ClientWrite"],
principals: [{
identifiers: ["*"],
type: "AWS",
}],
conditions: [{
test: "Bool",
variable: "aws:secureTransport",
values: ["true"],
}],
}]
});
const policy = new aws.efs.FileSystemPolicy("policy", {
fileSystemId: fs.id,
policy: iamPolicyDoc.then(doc => doc.json)
});
BTW I did not wrap the getPolicyDocument
statement in pulumi.output
.little-cartoon-10569
09/30/2020, 12:19 AM.then()
does the same thing as output()
would have. More easily unit-testable, too.