Hi I am creating an account via pulumi in typescript ```cons

Question

Hi I am creating an account via pulumi in typescript ```const accountDev = new aws organizations Account dev name dev email <mailto xxxx xxx com|xxxx xxx com> parentId infrastructure id roleName admin export const accountDevArn = accountDev arn export const accountIdDev = pulumi output accountDev id ``` This works all good and i am exporting the arn and account id In another file i am using the accountIdDev to create a policy for a user to assume role and use admin role to perform operations ```import accountIdDev from accounts const policy = new aws iam Policy devAssumePolicy path name devAssumePolicy description assume policy for dev accounts created policy JSON stringify Version 2012 10 17 Statement Action sts AssumeRole Effect Allow Resource arn aws iam +accountIdDev+ role admin const attachPolicyInfra = new aws iam UserPolicyAttachment attachPolicyInfra user Infra accounts ci policyArn policy arn ``` However i am struggling to get the accountIdDev and its giving malformed policy Can some help in telling what am i doing wrong here Thanks

loud-bear-51491 · Answer

tried doing this function but for some reason it doesn t interpret it correctly `const resource = pulumi interpolate `arn aws iam $ accountIdDev role admin` `

green-stone-37839 · Answer

You ll need to use the `apply ` function to resolve accountIdDev to a string Docs on apply <https www pulumi com docs intro concepts inputs outputs >

green-stone-37839 · Answer

something like `accountIdDev apply id = gt use id as string here `

little-cartoon-10569 · Answer

You re creating a Policy using JSON stringify To do this you need to wrap the whole JSON stringify in `pulumi interpolate` It gets messy very quickly To help with this Pulumi has provided the class `aws iam PolicyDocument` which can be used instead of JSON stringify in the same place And as a bonus all its properties are correctly typed so the IDE support is great slightly smiling face

loud-bear-51491 · Answer

Thanks you guys for the replies I ll try them and let you know if i am successful with the multiple options mentioned

loud-bear-51491 · Answer

still not able to figure this out Tried various interpretations Nothing seems to be working confused ```import as pulumi from pulumi pulumi import as aws from pulumi aws import accountDev from accounts let accIdDev = accountIdDev apply id string = gt arn aws iam + id + role admin console log accIdDev const userPolicyDocument = aws iam getPolicyDocument statements effect Allow actions sts AssumeRole resources accountDev id apply id string = gt arn aws iam + id + role admin const policy = new aws iam Policy devAssumePolicy path name devAssumePolicy description assume policy for dev accounts created policy userPolicyDocument then userPolicyDocument json any = gt userPolicyDocument json const attachPolicyInfra = new aws iam UserPolicyAttachment attachPolicyInfra user Infra accounts ci policyArn policy arn ```

little-cartoon-10569 · Answer

Here s what I can see maybe more will become apparent if I see errors line numbers etc `console log accIdDev ` is logging an output so it won t show anything useful You might want `accIdDev apply id = gt pulumi log debug id ` `resources accountDev id apply id string = gt arn aws iam + id + role admin ` Assuming there s a typo here you should be able to use `resources accIdDev ` because you re in an aws iam PolicyDocument `policy userPolicyDocument then userPolicyDocument json any = gt userPolicyDocument json ` This negates the power of PolicyDocument You want `policy userPolicyDocument`