https://pulumi.com logo
Powered by
r

refined-terabyte-65361

12/17/2021, 6:33 PM
Hello I have a role in aws for which i am trying to attache multiple policies I tried writing it as function and calling it with args
Copy code
function iam(IamPolicyName: string, IamPolicy: string) {
  new aws.iam.RolePolicyAttachment(IamPolicyName, {
    role: role.name,
    policyArn: IamPolicy,
  });
}

const IamLambdaPolicy = iam(
  "lambdaFullAccess",
  `aws.iam.ManagedPolicy.lambdaFullAccess`
);
const IamSqsPolicy = iam(
  "SQSFullAccess",
  `aws.iam.ManagedPolicy.AmazonSQSFullAccess`
);
but i get error
Copy code
aws:iam:RolePolicyAttachment (lambdaFullAccess):
    error: 1 error occurred:
    	* Error attaching policy aws.iam.ManagedPolicy.LambdaFullAccess to IAM Role lambdaRole-16d99f4: InvalidInput: ARN aws.iam.ManagedPolicy.LambdaFullAccess is not valid.
    	status code: 400, request id: 8a1ea825-46fe-43c6-ab65-a6d23cb8f489
 
  aws:iam:RolePolicyAttachment (SQSFullAccess):
    error: 1 error occurred:
    	* Error attaching policy aws.iam.ManagedPolicy.AmazonSQSFullAccess to IAM Role lambdaRole-16d99f4: InvalidInput: ARN aws.iam.ManagedPolicy.AmazonSQSFullAccess is not valid.
    	status code: 400, request id: 6755daf5-8485-4c0b-8ee8-5f08ef30353e
This works as expected
Copy code
new aws.iam.RolePolicyAttachment("lambdaFullAccess", {
  role: role.name,
  policyArn: aws.iam.ManagedPolicy.LambdaFullAccess,
});

new aws.iam.RolePolicyAttachment("SQSFullAccess", {
  role: role.name,
  policyArn: aws.iam.ManagedPolicy.AmazonSQSFullAccess,
});
but this is not efficient since we have like 6 policies to attach to role
b

billowy-army-68599

12/17/2021, 6:42 PM
@refined-terabyte-65361 in the function, you're setting the policy as a string, in the second example, you're using an enum. Try this:
Copy code
const IamSqsPolicy = iam(
  "SQSFullAccess",
  aws.iam.ManagedPolicy.AmazonSQSFullAccess
);
1
r

refined-terabyte-65361

12/17/2021, 6:43 PM
Thanks works as expected
2 Views
Powered by