This message was deleted Pulumi Community #typescript

Join Slack

This message was deleted.

# typescript

sparse-intern-71089

10/04/2021, 3:46 PM

This message was deleted.

loud-bear-51491

10/04/2021, 3:51 PM

tried doing this function but for some reason it doesn't interpret it correctly :`const resource = pulumi.interpolate(

arn:aws:iam::${accountIdDev}:role/admin

green-stone-37839

10/04/2021, 5:31 PM

You'll need to use the

apply()

function to resolve accountIdDev to a string. Docs on apply: https://www.pulumi.com/docs/intro/concepts/inputs-outputs/

green-stone-37839

10/04/2021, 5:31 PM

something like

accountIdDev.apply(id => use id as string here...})

little-cartoon-10569

10/04/2021, 8:56 PM

You're creating a Policy using JSON.stringify(). To do this, you need to wrap the whole JSON.stringify in

pulumi.interpolate

. It gets messy very quickly. To help with this, Pulumi has provided the class

aws.iam.PolicyDocument

, which can be used instead of JSON.stringify, in the same place. And as a bonus, all its properties are correctly typed so the IDE support is great 🙂

loud-bear-51491

10/05/2021, 9:09 AM

Thanks you guys for the replies.. I'll try them and let you know if i am successful with the multiple options mentioned.

loud-bear-51491

10/05/2021, 12:23 PM

still not able to figure this out.. Tried various interpretations .. Nothing seems to be working 😕

Copy code

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";


import { accountDev } from "./accounts"

let accIdDev = accountIdDev.apply( ( id: string ) => "arn:aws:iam::" + id + ":role/admin" );
console.log( accIdDev );

const userPolicyDocument = aws.iam.getPolicyDocument({
    statements: [
        {
            effect: "Allow",
            actions: [
                "sts:AssumeRole"
            ],
            resources: [accountDev.id.apply( ( id: string ) => "arn:aws:iam::" + id + ":role/admin" )],
        }
    ],
} );

const policy = new aws.iam.Policy( "devAssumePolicy", {
    path: "/",
    name: "devAssumePolicy",
    description: "assume policy for dev accounts created",
    policy: userPolicyDocument.then((userPolicyDocument: { json: any; }) => userPolicyDocument.json),
} );

const attachPolicyInfra = new aws.iam.UserPolicyAttachment( "attachPolicyInfra", {
    user: "Infra-accounts-ci",
    policyArn: policy.arn,
} );

little-cartoon-10569

10/05/2021, 7:33 PM

Here's what I can see, maybe more will become apparent if I see errors, line numbers, etc.: •

console.log( accIdDev );

is logging an output, so it won't show anything useful. You might want

accIdDev.apply(id => pulumi.log.debug(id));

. •

resources: [accountDev.id.apply( ( id: string ) => "arn:aws:iam::" + id + ":role/admin" )]

Assuming there's a typo here, you should be able to use

resources: [ accIdDev ]

because you're in an aws.iam.PolicyDocument. •

policy: userPolicyDocument.then((userPolicyDocument: { json: any; }) => userPolicyDocument.json),

This negates the power of PolicyDocument. You want

policy: userPolicyDocument

Open in Slack

Previous Next