No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

(I think) the problem isn't with the policy, it's with the Resource property.

That arn is an output, so the value when interpolated like that is an error message, which includes newlines.

But the Resource property isn't allowed have newlines.

yeah, it looks like that's the issue <@U012UJTT55M> I just started removing code chunks to see what might change the error, and the `"${foobarLogGroup.arn}:*"` is where it's stemming there

You need to interpolate using `apply()`, `pulumi.interpolate`, or .. onesec, there's a nice trick I found a few months back, I'll go hunt it down.

Untitled

Two tricks here: cast to aws.iam.PolicyDocument, which Pulumi converts to JSON for you, later in the process; and pulumi.interpolate``.

If you didn't have the ":*" at the end of the arn, then you wouldn't need to interpolate at all. The cast to aws.iam.PolicyDocument would be enough.

Yea it's quite nice. Even allows the IDE to type check, property-validate and auto-expand / intellisense...

Unfortunately not everywhere that takes a PolicyDocument supports this trick, but RolePolicy does.

<@U012UJTT55M> how did you get the formatting colors to show up?

I used a Text Snippet (lightning menu &lt;---) and selected TypeScript.

It also allows collapsing, which is really great if it's a big piece of code. Makes the channel / thread much tidier.

<@U012UJTT55M> just found all that! Didn't even know that was a thing. Thanks man, I've learned a bunch now :slightly_smiling_face: